From 61f91f718d3f06ef512aa49710c7195be9e5e0a3 Mon Sep 17 00:00:00 2001 From: Linux_zhang Date: Tue, 4 Mar 2025 11:37:21 +0800 Subject: [PATCH] fix CVE-2025-1390 (cherry picked from commit 58ed633f8c490f0ccf68b9282fe63c8ecc1215d5) --- ...otential-configuration-parsing-error.patch | 32 +++++++++++++++++++ libcap.spec | 6 +++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch diff --git a/backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch b/backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch new file mode 100644 index 0000000..c143fee --- /dev/null +++ b/backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch @@ -0,0 +1,32 @@ +From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001 +From: Tianjia Zhang +Date: Mon, 17 Feb 2025 10:31:55 +0800 +Subject: [PATCH] pam_cap: Fix potential configuration parsing error + +The current configuration parsing does not actually skip user names +that do not start with @, but instead treats the name as a group +name for further parsing, which can result in matching unexpected +capability sets and may trigger potential security issues. Only +names starting with @ should be parsed as group names. + +Signed-off-by: Tianjia Zhang +Signed-off-by: Andrew G. Morgan +--- + pam_cap/pam_cap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c +index 24de329..3ec99bb 100644 +--- a/pam_cap/pam_cap.c ++++ b/pam_cap/pam_cap.c +@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source) + + if (line[0] != '@') { + D(("user [%s] is not [%s] - skipping", user, line)); ++ continue; + } + + int i; +-- +2.33.0 + diff --git a/libcap.spec b/libcap.spec index a52a9c8..f9b3d5a 100644 --- a/libcap.spec +++ b/libcap.spec @@ -1,6 +1,6 @@ Name: libcap Version: 2.61 -Release: 7 +Release: 8 Summary: A library for getting and setting POSIX.1e draft 15 capabilities License: GPLv2 URL: https://sites.google.com/site/fullycapable @@ -17,6 +17,7 @@ Patch7: backport-There-was-a-small-memory-leak-in-pam_cap.so-when-lib.patch Patch8: backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch Patch9: backport-getpcaps-fix-program-name-in-help-message.patch Patch10: backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch +Patch11: backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch BuildRequires: libattr-devel pam-devel perl-interpreter gcc @@ -80,6 +81,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.* %{_mandir}/man8/*.gz %changelog +* Tue Mar 04 2025 Linux_zhang - 2.61-8 +- fix CVE-2025-1390 + * Mon Mar 25 2024 yanglongkang - 2.61-7 - backport upstream patches: getcpcaps: fix program name in help message -- Gitee