Chris Lamb pushed to branch bullseye at Debian Java Maintainers / libapache-mod-jk
Commits: b27404b9 by Chris Lamb at 2024-10-10T15:17:02-07:00 CVE-2024-46544
- - - - -
350ab8d7 by Chris Lamb at 2024-10-14T11:57:59-07:00 releasing package libapache-mod-jk version 1:1.2.48-1+deb11u2
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/0004-CVE-2024-46544.patch
- debian/patches/series
Changes:
===================================== debian/changelog =====================================
@@ -1,3 +1,13 @@
+libapache-mod-jk (1:1.2.48-1+deb11u2) bullseye-security; urgency=high
+
+ * Non-maintainer upload by the Debian LTS team.
+ * CVE-2024-46544: An issue with incorrect default permissions could have
+ allowed local users to view and modify shared memory containing mod_jk's
+ configuration, which may have potentially led to information disclosure
+ and/or a denial of service attack. (Closes: #1082713)
+
+ -- Chris Lamb <[email protected]> Mon, 14 Oct 2024 11:57:47 -0700
+
 libapache-mod-jk (1:1.2.48-1+deb11u1) bullseye; urgency=high

 * Fix CVE-2023-41081:
===================================== debian/patches/0004-CVE-2024-46544.patch =====================================
@@ -0,0 +1,71 @@
+From: Rainer Jung <[email protected]>
+Date: Thu, 8 Aug 2024 10:00:13 +0200
+Subject: [PATCH] Improve shared memory handling on non-Windows.
+
+---
+ native/common/jk_shm.c | 12 ++++++------
+ xdocs/miscellaneous/changelog.xml | 3 +++
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/native/common/jk_shm.c b/native/common/jk_shm.c
+index 58956dc..65d9f62 100644
+--- a/native/common/jk_shm.c
++++ b/native/common/jk_shm.c
+@@ -459,7 +459,7 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+
+ if (attached && jk_shmem.lockname) {
+ #ifdef JK_SHM_LOCK_REOPEN
+- jk_shmem.fd_lock = open(jk_shmem.lockname, O_RDWR, 0666);
++ jk_shmem.fd_lock = open(jk_shmem.lockname, O_RDWR, 0600);
+ #else
+ errno = EINVAL;
+ #endif
+@@ -483,7 +483,7 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+ for (i = 0; i < 8; i++) {
+ strcpy(flkname, "/tmp/jkshmlock.XXXXXX");
+ if (mktemp(flkname)) {
+- jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ if (jk_shmem.fd_lock >= 0)
+ break;
+ }
+@@ -495,10 +495,10 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+ #ifdef AS400_UTF8
+ wptr = (char *)malloc(strlen(flkname) + 1);
+ jk_ascii2ebcdic((char *)flkname, wptr);
+- jk_shmem.fd_lock = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ jk_shmem.fd_lock = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ free(wptr);
+ #else
+- jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+ #endif
+ if (jk_shmem.fd_lock == -1) {
+@@ -589,10 +589,10 @@ static int do_shm_open(const char *fname, int attached,
+ #ifdef AS400_UTF8
+ wptr = (char *)malloc(strlen(jk_shmem.filename) + 1);
+ jk_ascii2ebcdic((char *)jk_shmem.filename, wptr);
+- fd = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ fd = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ free(wptr);
+ #else
+- fd = open(jk_shmem.filename, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ fd = open(jk_shmem.filename, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+ if (fd == -1) {
+ jk_shmem.size = 0;
+diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
+index bb5a8ac..224bb18 100644
+--- a/xdocs/miscellaneous/changelog.xml
++++ b/xdocs/miscellaneous/changelog.xml
+@@ -91,6 +91,9 @@
+ socket_connect_timeout to be interpreted in units of seconds
+ instead of milliseconds on platforms that provide poll(). (rjung)
+ </fix>
++ <fix>
++ Improve shared memory handling on non-Windows. (rjung)
++ </fix>
+ </changelog>
+ </subsection>
+ </section>
===================================== debian/patches/series =====================================
@@ -1,3 +1,4 @@
 0002-debianize-log-directory.patch
 0003-upgrade-info-to-error-message.patch
 CVE-2023-41081.patch
+0004-CVE-2024-46544.patch
View it on GitLab: https://salsa.debian.org/java-team/libapache-mod-jk/-/compare/d7b06cf72cff9214f72a3ca711b83730235010da...350ab8d762e115cea0d8cd3eca4e9723b243accf
--
View it on GitLab: https://salsa.debian.org/java-team/libapache-mod-jk/-/compare/d7b06cf72cff9214f72a3ca711b83730235010da...350ab8d762e115cea0d8cd3eca4e9723b243accf
You're receiving this email because of your account on salsa.debian.org.
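Review bot: The 0600 mode at `++ fd = open(jk_shmem.filename, O_RDWR|O_CREAT|O_TRUNC, 0600);` in the `@@ -589` hunk of jk_shm.c only takes effect when open() creates the file; a shared-memory file left on disk as 0666 by the previous version is truncated and reused with its old permissions, so the fix does not tighten files that already exist. Whether jk_shmem.filename persists across restarts is not visible in the hunk; if it can, an `fchmod(fd, 0600)` after a successful open (and the same for fd_lock in do_shm_open_lock) would close that gap. The `@@ -483` hunk still derives the lock file name with `mktemp()` and then calls `open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0600)` without O_EXCL, so the mode change does not address the create-after-name-generation window; `mkstemp()` creates the file atomically with O_EXCL and 0600 and would make the explicit mode unnecessary. The `@@ -459` change to `open(jk_shmem.lockname, O_RDWR, 0600)` is a no-op, since the mode argument is ignored when O_CREAT is absent. Both do_shm_open_lock and do_shm_open begin and end outside the hunk.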

