packages/three-eight-nine-ds-base
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-8445

Browse Source 
(cherry picked from commit f6c41e79673553128e44635d28e256eaa51b4da8)
This commit is contained in:
starlet-dx 2025-02-13 17:46:26 +08:00 committed by openeuler-sync-bot
parent 9ce9007b14
commit 71aa1e1fae
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
389-ds-base.spec
View File

@ -6,7 +6,7 @@ ExcludeArch: i686
Name: 389-ds-base
Summary: Base 389 Directory Server
Version: 1.4.3.36
Release: 8
Release: 9
License: GPLv3+
URL: https://www.port389.org
Source0: https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz
@ -26,6 +26,7 @@ Patch8: remove-where-cockpit_present-is-called.patch
Patch9: fix-dsidm-role-subtree-status-fails-with-TypeError.patch
Patch10: fix-typo.patch
Patch11: backport-Issue-5142-CLI-dsctl-dbgen-is-broken.patch
Patch12: CVE-2024-8445.patch
BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
@ -388,6 +389,9 @@ exit 0
%{_mandir}/*/*
%changelog
* Thu Feb 13 2025 yaoxin <1024769339@qq.com> - 1.4.3.36-9
- Fix CVE-2024-8445
* Wed Nov 27 2024 wangkai <13474090681@163.com> - 1.4.3.36-8
- Fix dsidm role subtree-status fails with TypeError
- Fix name cockpit_present is not defined.

34
CVE-2024-8445.patch Normal file
View File

@ -0,0 +1,34 @@
From 1d3fddaac336f84e87ba399388f85734d79ebb95 Mon Sep 17 00:00:00 2001
From: Pierre Rogier <progier@redhat.com>
Date: Mon, 23 Sep 2024 19:18:52 +0200
Subject: [PATCH] Security fix for CVE-2024-8445
Description:
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all
scenarios. In certain product versions, this issue may allow
an authenticated user to cause a server crash while modifying
`userPassword` using malformed input.
References:
- https://access.redhat.com/security/cve/CVE-2024-8445
- https://nvd.nist.gov/vuln/detail/cve-2024-8445
- https://bugzilla.redhat.com/show_bug.cgi?id=2310110
- https://nvd.nist.gov/vuln/detail/CVE-2024-2199
- https://access.redhat.com/security/cve/CVE-2024-2199
- https://bugzilla.redhat.com/show_bug.cgi?id=2267976
---
ldap/servers/slapd/modify.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 669bb104ca..2fab346ec3 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -940,6 +940,7 @@ op_shared_modify(Slapi_PBlock *pb, int pw_change, char *old_pw)
send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, "Unable to hash \"userPassword\" attribute, "
"check value is utf8 string.\n", 0, NULL);
valuearray_free(&va);
+ slapi_pblock_set(pb, SLAPI_MODIFY_MODS, (void *)slapi_mods_get_ldapmods_passout(&smods));
goto free_and_return;
}