Your message dated Sat, 20 Jan 2024 10:34:42 +0000
with message-id <e1rr8gu-00cq1n...@fasolo.debian.org>
and subject line Bug#1059451: fixed in opennds 10.2.0+dfsg-1
has caused the Debian Bug report #1059451,
regarding opennds: CVE-2023-38313 CVE-2023-38314 CVE-2023-38315 CVE-2023-38316 
CVE-2023-38320 CVE-2023-38322 CVE-2023-38324
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1059451: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: opennds
Version: 9.10.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for opennds.

CVE-2023-38313[0]:
| An issue was discovered in OpenNDS Captive Portal before 10.1.2. It
| has a do_binauth NULL pointer dereference that can be triggered with
| a crafted GET HTTP request with a missing client redirect query
| string parameter. Triggering this issue results in crashing openNDS
| (a Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.


CVE-2023-38314[1]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a NULL pointer dereference in preauthenticated() that
| can be triggered with a crafted GET HTTP request with a missing
| redirect query string parameter. Triggering this issue results in
| crashing OpenNDS (a Denial-of-Service condition).


CVE-2023-38315[2]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a try_to_authenticate NULL pointer dereference that
| can be triggered with a crafted GET HTTP request with a missing
| client token query string parameter. Triggering this issue results
| in crashing OpenNDS (a Denial-of-Service condition).


CVE-2023-38316[3]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. When the custom unescape callback is enabled, attackers can
| execute arbitrary OS commands by inserting them into the URL portion
| of HTTP GET requests.


CVE-2023-38320[4]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a show_preauthpage NULL pointer dereference that can
| be triggered with a crafted GET HTTP request with a missing
| User-Agent header. Triggering this issue results in crashing OpenNDS
| (a Denial-of-Service condition).


CVE-2023-38322[5]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It has a do_binauth NULL pointer dereference that can be
| triggered with a crafted GET HTTP request with a missing User-Agent
| HTTP header. Triggering this issue results in crashing OpenNDS (a
| Denial-of-Service condition). The issue occurs when the client is
| about to be authenticated, and can be triggered only when the
| BinAuth option is set.


CVE-2023-38324[6]:
| An issue was discovered in OpenNDS Captive Portal before version
| 10.1.2. It allows users to skip the splash page sequence when it is
| using the default FAS key and when OpenNDS is configured as FAS
| (default).

[7] contains the report, and these issues are fixed in v10.1.2
upstream. Note two more are fixed in 10.1.3 (separate bug for it
coming to separate the CVEs) and a set of CVEs are apparently yet
unresolved.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38313
    https://www.cve.org/CVERecord?id=CVE-2023-38313
[1] https://security-tracker.debian.org/tracker/CVE-2023-38314
    https://www.cve.org/CVERecord?id=CVE-2023-38314
[2] https://security-tracker.debian.org/tracker/CVE-2023-38315
    https://www.cve.org/CVERecord?id=CVE-2023-38315
[3] https://security-tracker.debian.org/tracker/CVE-2023-38316
    https://www.cve.org/CVERecord?id=CVE-2023-38316
[4] https://security-tracker.debian.org/tracker/CVE-2023-38320
    https://www.cve.org/CVERecord?id=CVE-2023-38320
[5] https://security-tracker.debian.org/tracker/CVE-2023-38322
    https://www.cve.org/CVERecord?id=CVE-2023-38322
[6] https://security-tracker.debian.org/tracker/CVE-2023-38324
    https://www.cve.org/CVERecord?id=CVE-2023-38324
[7] https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
[8] https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: opennds
Source-Version: 10.2.0+dfsg-1
Done: Mike Gabriel <sunwea...@debian.org>

We believe that the bug you reported is fixed in the latest version of
opennds, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1059...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated opennds package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 20 Jan 2024 11:00:54 +0100
Source: opennds
Architecture: source
Version: 10.2.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Packaging Team <debian-edu-pkg-t...@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Closes: 1040392 1059451 1059452
Changes:
 opennds (10.2.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #1059451, #1059452).
     - CVE-2023-38313, CVE-2023-38314, CVE-2023-38315, CVE-2023-38316:
       Fix NULL pointer dereference if authdir is called with an incomplete or
       missing query string.
     - CVE-2023-38320, CVE-2023-38322: Fix - NULL pointer dereference if
       user_agent is NULL.
     - CVE-2023-38324: Generate unique sha256 faskey if not set in config.
     - CVE-2023-41101: Fix buffer overflow causing segfault.
     - CVE-2023-41102: Fix multiple memory leaks.
   * debian/patches:
     + Rebase 1004_add-documentation-key-in-service-file.patch.
     + Add 1005_evaluate-system-call-retvals.patch. Fix FTBFS against recent
       Debian.
   * debian/{opennds-daemon.install,rules}:
     + Adjust file installations into DEST_DIR.
   * debian/copyright:
     + Update copyright attributions.
     + Update copyright attribution for debian/.
     + Update auto-generated copyright.in file.
   * lintian:
     + Update files lines in very-long-line-length-in-source-file overrides
       with globbings.
   * debian/opennds-daemon-common.links:
     + Drop file. Drop man page symlinking. The formerly shipped man page was
       bogus and upstream removed it (for now). (Closes: #1040392).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
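
The NULL-dereference class named in the CVE entries and changelog above (a missing query string parameter, a missing User-Agent header), as an added example that is not openNDS code: a request handler that treats every request-derived pointer as possibly absent and rejects the request instead of dereferencing it. The names query_get, handle_auth, tok and redir are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: return a pointer to the value of `key` inside `query`
 * and store its length in *len, or return NULL when the parameter is absent. */
static const char *query_get(const char *query, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = query;

    while (p != NULL && *p != '\0') {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);

        /* Match "key=" exactly so that "tok" does not match "token=...". */
        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *len = plen - klen - 1;
            return p + klen + 1;
        }
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* Hypothetical auth handler: returns an HTTP status code rather than using a
 * pointer that the client may never have supplied. */
int handle_auth(const char *query, const char *user_agent)
{
    size_t tok_len = 0, redir_len = 0;
    const char *tok, *redir;

    if (query == NULL || user_agent == NULL)  /* no query string, no User-Agent */
        return 400;

    tok = query_get(query, "tok", &tok_len);
    redir = query_get(query, "redir", &redir_len);
    if (tok == NULL || redir == NULL)         /* parameter missing entirely */
        return 400;
    if (tok_len == 0 || redir_len == 0)       /* parameter present but empty */
        return 400;

    return 200;                               /* safe to continue to authentication */
}
```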