diff --git a/0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch b/0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c82a86e2b3a38bfcebc54c91f8d5a25c4e4eeaee
--- /dev/null
+++ b/0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
@@ -0,0 +1,50 @@
+From 879297c6c83424af19a47040834fd89f808ef296 Mon Sep 17 00:00:00 2001
+From: "Neil.wrz"
+Date: Thu, 12 Jan 2023 22:53:10 -0800
+Subject: [PATCH] update
+
+---
+ src/lxc/cmd/lxc_user_nic.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index fd34559..8b05262 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1113,20 +1113,16 @@ int main(int argc, char *argv[])
+ } else if (request == LXC_USERNIC_DELETE) {
+ char opath[LXC_PROC_PID_FD_LEN];
+
+- /* Open the path with O_PATH which will not trigger an actual
+- * open(). Don't report an errno to the caller to not leak
+- * information whether the path exists or not.
+- * When stracing setuid is stripped so this is not a concern
+- * either.
+- */
++ // Keep in mind CVE-2022-47952: It's crucial not to leak any
++ // information whether open() succeeded or failed.
+ netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ if (netns_fd < 0) {
+- usernic_error("Failed to open \"%s\"\n", args.pid);
++ usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ _exit(EXIT_FAILURE);
+ }
+
+ if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
+- usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++ usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ close(netns_fd);
+ _exit(EXIT_FAILURE);
+ }
+@@ -1140,7 +1136,7 @@ int main(int argc, char *argv[])
+ /* Now get an fd that we can use in setns() calls. */
+ ret = open(opath, O_RDONLY | O_CLOEXEC);
+ if (ret < 0) {
+- CMD_SYSERROR("Failed while opening netns file for \"%s\"\n", args.pid);
++ CMD_SYSERROR("Failed while opening netns file for \"%s\"\n", args.pid);
+ close(netns_fd);
+ _exit(EXIT_FAILURE);
+ }
+--
+2.25.1
+
diff --git a/lxc.spec b/lxc.spec
index 9ef5500111ae7892efe38c9f48cc39dcc317b3ac..e49fca455038cae774206178dafd4d80da85f4de 100644
--- a/lxc.spec
+++ b/lxc.spec
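Review bot: In the embedded lxc_user_nic.c patch (0056), the third failure site, after `open(opath, O_RDONLY | O_CLOEXEC)`, still reports through `CMD_SYSERROR` while the two earlier sites use `usernic_error`; if that macro appends the errno text, as its name suggests, the output there stays distinguishable from the other two even though the message string is now the same. Whether that matters depends on the privilege level at that open, which sits between the two inner hunks and is not visible here, so it is worth confirming or switching to `usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);`. The fix also relies on three hand-copied literals staying byte-identical, so a comment at each site such as `/* must stay identical to the other netns failure messages (CVE-2022-47952) */`, or one shared format-string constant, would keep a later edit from reintroducing the difference. main() begins and ends outside both inner hunks.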
@@ -1,4 +1,4 @@ -%global _release 2022102407 +%global _release 2022102408 Name: lxc Version: 4.0.3 @@ -63,6 +63,7 @@ Patch0052: 0052-add-lxc-attach-add-gids-option.patch Patch0053: 0053-change-the-suffi-parameter-in-lxc-attach-help-output.patch Patch0054: 0054-rollback-strprint-code-modified.patch Patch0055: 0055-add-sscanf-adapation-code-for-musl.patch +Patch0056: 0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath BuildRequires: pkgconfig(libseccomp) @@ -243,6 +244,12 @@ make check %endif %changelog +* Fri Jan 13 2023 wangrunze - 4.0.3-2022102408 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix cve CVE-2022-47952 log leaks root information + * Wed Jan 04 2023 zhongtao - 4.0.3-2022102407 - Type:bugfix - ID:NA diff --git a/series.conf b/series.conf index 76f538636f29767086abb25658b4f3ecc254c245..dc10329e8bd72cc88173f4fc540d8f147a6bd537 100644 --- a/series.conf +++ b/series.conf @@ -53,3 +53,4 @@ 0053-change-the-suffi-parameter-in-lxc-attach-help-output.patch 0054-rollback-strprint-code-modified.patch 0055-add-sscanf-adapation-code-for-musl.patch +0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch \ No newline at end of file