Chris Lamb pushed to branch buster at Debian Java Maintainers / libapache-mod-jk
Commits: 6b4a46f9 by Chris Lamb at 2024-10-10T15:20:36-07:00
CVE-2024-46544
- - - - -
ce7457df by Chris Lamb at 2024-10-14T11:57:34-07:00
releasing package libapache-mod-jk version 1:1.2.46-1+deb10u3
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/0004-CVE-2024-46544.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+libapache-mod-jk (1:1.2.46-1+deb10u3) buster-security; urgency=high
+
+ * Non-maintainer upload by the Debian ELTS team.
+ * CVE-2024-46544: An issue with incorrect default permissions could have
+ allowed local users to view and modify shared memory containing mod_jk's
+ configuration, which may have potentially led to information disclosure
+ and/or a denial of service attack. (Closes: #1082713)
+
+ -- Chris Lamb <[email protected]> Mon, 14 Oct 2024 11:57:22 -0700
+
 libapache-mod-jk (1:1.2.46-1+deb10u2) buster-security; urgency=high
 
 * Fix CVE-2023-41081:
=====================================
debian/patches/0004-CVE-2024-46544.patch
=====================================
@@ -0,0 +1,71 @@
+From: Rainer Jung <[email protected]>
+Date: Thu, 8 Aug 2024 10:00:13 +0200
+Subject: [PATCH] Improve shared memory handling on non-Windows.
+
+---
+ native/common/jk_shm.c | 12 ++++++------
+ xdocs/miscellaneous/changelog.xml | 3 +++
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/native/common/jk_shm.c b/native/common/jk_shm.c
+index 00d6a44..8cb1641 100644
+--- a/native/common/jk_shm.c
++++ b/native/common/jk_shm.c
+@@ -460,7 +460,7 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+
+ if (attached && jk_shmem.lockname) {
+ #ifdef JK_SHM_LOCK_REOPEN
+- jk_shmem.fd_lock = open(jk_shmem.lockname, O_RDWR, 0666);
++ jk_shmem.fd_lock = open(jk_shmem.lockname, O_RDWR, 0600);
+ #else
+ errno = EINVAL;
+ #endif
+@@ -484,7 +484,7 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+ for (i = 0; i < 8; i++) {
+ strcpy(flkname, "/tmp/jkshmlock.XXXXXX");
+ if (mktemp(flkname)) {
+- jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ if (jk_shmem.fd_lock >= 0)
+ break;
+ }
+@@ -496,10 +496,10 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+ #ifdef AS400_UTF8
+ wptr = (char *)malloc(strlen(flkname) + 1);
+ jk_ascii2ebcdic((char *)flkname, wptr);
+- jk_shmem.fd_lock = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ jk_shmem.fd_lock = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ free(wptr);
+ #else
+- jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+ #endif
+ if (jk_shmem.fd_lock == -1) {
+@@ -590,10 +590,10 @@ static int do_shm_open(const char *fname, int attached,
+ #ifdef AS400_UTF8
+ wptr = (char *)malloc(strlen(jk_shmem.filename) + 1);
+ jk_ascii2ebcdic((char *)jk_shmem.filename, wptr);
+- fd = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ fd = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ free(wptr);
+ #else
+- fd = open(jk_shmem.filename, O_RDWR|O_CREAT|O_TRUNC, 0666);
++ fd = open(jk_shmem.filename, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+ if (fd == -1) {
+ jk_shmem.size = 0;
+diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
+index 671ee7c..a9fcfab 100644
+--- a/xdocs/miscellaneous/changelog.xml
++++ b/xdocs/miscellaneous/changelog.xml
+@@ -49,6 +49,9 @@
+ socket_connect_timeout to be interpreted in units of seconds
+ instead of milliseconds on platforms that provide poll(). (rjung)
+ </fix>
++ <fix>
++ Improve shared memory handling on non-Windows. (rjung)
++ </fix>
+ </changelog>
+ </subsection>
+ </section>
=====================================
debian/patches/series
=====================================
@@ -3,3 +3,4 @@
 0003-upgrade-info-to-error-message.patch
 fix-privacy-breach.patch
 CVE-2023-41081.patch
+0004-CVE-2024-46544.patch
View it on GitLab: https://salsa.debian.org/java-team/libapache-mod-jk/-/compare/bd976de47c11f9c87258a89beb0f0b7095b37605...ce7457df152ee41d09494dd197b03ea45f912c1e
--
View it on GitLab: https://salsa.debian.org/java-team/libapache-mod-jk/-/compare/bd976de47c11f9c87258a89beb0f0b7095b37605...ce7457df152ee41d09494dd197b03ea45f912c1e
You're receiving this email because of your account on salsa.debian.org.
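Review bot: The tightened mode in the open() calls (jk_shm.c hunks at -484, -496 and -590) only takes effect when the file is created; a shared-memory or lock file already present at the configured path from a previous version keeps its 0666 bits, because O_CREAT|O_TRUNC on an existing file does not change its mode, so an upgraded installation that does not remove stale files stays exposed. A fchmod after each successful create would close that gap, e.g. after the do_shm_open create: `if (fd != -1 && fchmod(fd, S_IRUSR|S_IWUSR) != 0) { /* log and treat as open failure */ }`. Separately, the JK_SHM_LOCK_REOPEN branch at -460 reopens the lock file from an attached process; if that process runs under a different uid than the creator, a 0600 file will make the reopen fail with EACCES, which is worth confirming against how the attached path is reached in this build (the mode argument there is ignored anyway without O_CREAT). The mktemp() fallback into /tmp at -484 still produces a predictable name and is not addressed by this change; mkstemp() would create the file atomically with a private mode. do_shm_open_lock and do_shm_open both start and end outside the quoted hunks.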

