Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844
Pick the patch that is mentioned in the oss-security[1] advisory [1]: https://www.openwall.com/lists/oss-security/2024/07/03/9 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../recipes-irc/znc/znc/CVE-2024-39844.patch | 61 +++++++++++++++++++ meta-networking/recipes-irc/znc/znc_1.8.2.bb | 4 +- 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch diff --git a/meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch b/meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch new file mode 100644 index 0000000000..de0d8c5541 --- /dev/null +++ b/meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch @@ -0,0 +1,61 @@ +From 5f6c872e44830d41d4d242e241af7b096a62a7c3 Mon Sep 17 00:00:00 2001 +From: Alexey Sokolov <[email protected]> +Date: Mon, 1 Jul 2024 09:59:16 +0100 +Subject: [PATCH] Fix RCE vulnerability in modtcl + +Remote attacker could execute arbitrary code embedded into the kick +reason while kicking someone on a channel. + +To mitigate this for existing installations, simply unload the modtcl +module for every user, if it's loaded. +Note that only users with admin rights can load modtcl at all. + +While at it, also escape the channel name. + +Discovered by Johannes Kuhn (DasBrain) + +Patch by https://github.com/glguy + +CVE-2024-39844 + +CVE: CVE-2024-39844 +Upstream-Status: Backport [https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + modules/modtcl.cpp | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/modules/modtcl.cpp b/modules/modtcl.cpp +index c64bc43f..58e68f51 100644 +--- a/modules/modtcl.cpp ++++ b/modules/modtcl.cpp +@@ -248,8 +248,9 @@ class CModTcl : public CModule { + // chan specific + unsigned int nLength = vChans.size(); + for (unsigned int n = 0; n < nLength; n++) { ++ CString sChannel = TclEscape(CString(vChans[n]->GetName())); + sCommand = "Binds::ProcessNick {" + sOldNick + "} {" + sHost + +- "} - {" + vChans[n]->GetName() + "} {" + sNewNickTmp + ++ "} - {" + sChannel + "} {" + sNewNickTmp + + "}"; + int i = Tcl_Eval(interp, sCommand.c_str()); + if (i != TCL_OK) { +@@ -260,14 +261,16 @@ class CModTcl : public CModule { + + void OnKick(const CNick& OpNick, const CString& sKickedNick, CChan& Channel, + const CString& sMessage) override { ++ CString sMes = TclEscape(sMessage); + CString sOpNick = TclEscape(CString(OpNick.GetNick())); + CString sNick = TclEscape(sKickedNick); + CString sOpHost = + TclEscape(CString(OpNick.GetIdent() + "@" + OpNick.GetHost())); ++ CString sChannel = TclEscape(Channel.GetName()); + + CString sCommand = "Binds::ProcessKick {" + sOpNick + "} {" + sOpHost + +- "} - {" + Channel.GetName() + "} {" + sNick + "} {" + +- sMessage + "}"; ++ "} - {" + sChannel + "} {" + sNick + "} {" + ++ sMes + "}"; + int i = Tcl_Eval(interp, sCommand.c_str()); + if (i != TCL_OK) { + PutModule(Tcl_GetStringResult(interp)); diff --git a/meta-networking/recipes-irc/znc/znc_1.8.2.bb b/meta-networking/recipes-irc/znc/znc_1.8.2.bb index a50431982e..f7a99c876f 100644 --- a/meta-networking/recipes-irc/znc/znc_1.8.2.bb +++ b/meta-networking/recipes-irc/znc/znc_1.8.2.bb @@ -5,7 +5,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" DEPENDS = "openssl zlib icu" -SRC_URI = "gitsm://github.com/znc/znc.git;branch=master;protocol=https" +SRC_URI = "gitsm://github.com/znc/znc.git;branch=master;protocol=https \ + file://CVE-2024-39844.patch \ + " SRCREV = "bf253640d33d03331310778e001fb6f5aba2989e"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122642): https://lists.openembedded.org/g/openembedded-devel/message/122642 Mute This Topic: https://lists.openembedded.org/mt/116768132/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
