!120 [sync] PR-119: Fix CVE-2024-8445

From: @openeuler-sync-bot Reviewed-by: @starlet-dx Signed-off-by: @starlet-dx
2025-02-13 09:20:11 +00:00 · 2025-02-13 09:20:11 +00:00 · 4784aff5a7
commit 4784aff5a7
parent 9ce9007b14 71aa1e1fae
2 changed files with 39 additions and 1 deletions
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@ -6,7 +6,7 @@ ExcludeArch:   i686
 Name:          389-ds-base
 Summary:       Base 389 Directory Server
 Version:       1.4.3.36
-Release:       8
+Release:       9
 License:       GPLv3+
 URL:           https://www.port389.org
 Source0:       https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz
@ -26,6 +26,7 @@ Patch8:        remove-where-cockpit_present-is-called.patch
 Patch9:        fix-dsidm-role-subtree-status-fails-with-TypeError.patch
 Patch10:       fix-typo.patch
 Patch11:       backport-Issue-5142-CLI-dsctl-dbgen-is-broken.patch
+Patch12:       CVE-2024-8445.patch

 BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
 BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
@ -388,6 +389,9 @@ exit 0
 %{_mandir}/*/*

 %changelog
+* Thu Feb 13 2025 yaoxin <1024769339@qq.com> - 1.4.3.36-9
+- Fix CVE-2024-8445
+
 * Wed Nov 27 2024 wangkai <13474090681@163.com> - 1.4.3.36-8
 - Fix dsidm role subtree-status fails with TypeError
 - Fix name cockpit_present is not defined.
--- a/CVE-2024-8445.patch
+++ b/CVE-2024-8445.patch
@ -0,0 +1,34 @@
+From 1d3fddaac336f84e87ba399388f85734d79ebb95 Mon Sep 17 00:00:00 2001
+From: Pierre Rogier <progier@redhat.com>
+Date: Mon, 23 Sep 2024 19:18:52 +0200
+Subject: [PATCH] Security fix for CVE-2024-8445
+
+Description:
+The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all
+scenarios. In certain product versions, this issue may allow
+an authenticated user to cause a server crash while modifying
+`userPassword` using malformed input.
+
+References:
+- https://access.redhat.com/security/cve/CVE-2024-8445
+- https://nvd.nist.gov/vuln/detail/cve-2024-8445
+- https://bugzilla.redhat.com/show_bug.cgi?id=2310110
+- https://nvd.nist.gov/vuln/detail/CVE-2024-2199
+- https://access.redhat.com/security/cve/CVE-2024-2199
+- https://bugzilla.redhat.com/show_bug.cgi?id=2267976
+---
+ ldap/servers/slapd/modify.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
+index 669bb104ca..2fab346ec3 100644
+--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
+@@ -940,6 +940,7 @@ op_shared_modify(Slapi_PBlock *pb, int pw_change, char *old_pw)
+                 send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, "Unable to hash \"userPassword\" attribute, "
+                     "check value is utf8 string.\n", 0, NULL);
+                 valuearray_free(&va);
+                slapi_pblock_set(pb, SLAPI_MODIFY_MODS, (void *)slapi_mods_get_ldapmods_passout(&smods));
+                 goto free_and_return;
+             }
+