From 78c5b346df1004eefeaf3846b9acbe80a397f869 Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Thu, 13 Feb 2025 18:28:23 +0800 Subject: [PATCH] Fix CVE-2024-8445 --- 389-ds-base.spec | 6 +++++- CVE-2024-8445.patch | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 CVE-2024-8445.patch diff --git a/389-ds-base.spec b/389-ds-base.spec index 5ab5293..96984a6 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -6,7 +6,7 @@ ExcludeArch: i686 Name: 389-ds-base Summary: Base 389 Directory Server Version: 1.4.3.36 -Release: 7 +Release: 8 License: GPLv3+ URL: https://www.port389.org Source0: https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz @@ -26,6 +26,7 @@ Patch8: remove-where-cockpit_present-is-called.patch Patch9: fix-dsidm-role-subtree-status-fails-with-TypeError.patch Patch10: fix-typo.patch Patch11: backport-Issue-5142-CLI-dsctl-dbgen-is-broken.patch +Patch12: CVE-2024-8445.patch BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel @@ -366,6 +367,9 @@ exit 0 %{_mandir}/*/* %changelog +* Thu Feb 13 2025 yaoxin <1024769339@qq.com> - 1.4.3.36-8 +- Fix CVE-2024-8445 + * Wed Nov 27 2024 wangkai <13474090681@163.com> - 1.4.3.36-7 - Fix dsidm role subtree-status fails with TypeError - Fix name cockpit_present is not defined. diff --git a/CVE-2024-8445.patch b/CVE-2024-8445.patch new file mode 100644 index 0000000..1eb1e41 --- /dev/null +++ b/CVE-2024-8445.patch @@ -0,0 +1,34 @@ +From 1d3fddaac336f84e87ba399388f85734d79ebb95 Mon Sep 17 00:00:00 2001 +From: Pierre Rogier +Date: Mon, 23 Sep 2024 19:18:52 +0200 +Subject: [PATCH] Security fix for CVE-2024-8445 + +Description: +The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all +scenarios. In certain product versions, this issue may allow +an authenticated user to cause a server crash while modifying +`userPassword` using malformed input. + +References: +- https://access.redhat.com/security/cve/CVE-2024-8445 +- https://nvd.nist.gov/vuln/detail/cve-2024-8445 +- https://bugzilla.redhat.com/show_bug.cgi?id=2310110 +- https://nvd.nist.gov/vuln/detail/CVE-2024-2199 +- https://access.redhat.com/security/cve/CVE-2024-2199 +- https://bugzilla.redhat.com/show_bug.cgi?id=2267976 +--- + ldap/servers/slapd/modify.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c +index 669bb104ca..2fab346ec3 100644 +--- a/ldap/servers/slapd/modify.c ++++ b/ldap/servers/slapd/modify.c +@@ -940,6 +940,7 @@ op_shared_modify(Slapi_PBlock *pb, int pw_change, char *old_pw) + send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, "Unable to hash \"userPassword\" attribute, " + "check value is utf8 string.\n", 0, NULL); + valuearray_free(&va); ++ slapi_pblock_set(pb, SLAPI_MODIFY_MODS, (void *)slapi_mods_get_ldapmods_passout(&smods)); + goto free_and_return; + } + -- Gitee