[Git][java-team/libapache-mod-jk][bookworm] 2 commits: Fix CVE-2024-46544

Markus Koschany (@apo) gitlab at salsa.debian.org
Sat Feb 8 20:26:49 GMT 2025 


Markus Koschany pushed to branch bookworm at Debian Java Maintainers / libapache-mod-jk


Commits:
968412ce by Markus Koschany at 2025-02-08T21:24:09+01:00
Fix CVE-2024-46544

- - - - -
1fe0fd16 by Markus Koschany at 2025-02-08T21:26:05+01:00
Update changelog

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/0004-CVE-2024-46544.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+libapache-mod-jk (1:1.2.48-2+deb12u2) bookworm; urgency=medium
+
+  * Fix CVE-2024-46544:
+    An issue with incorrect default permissions could have allowed local users
+    to view and modify shared memory containing mod_jk's configuration, which
+    may have potentially led to information disclosure and/or a denial of
+    service attack. (Closes: #1082713)
+
+ -- Markus Koschany <apo at debian.org>  Sat, 08 Feb 2025 21:24:47 +0100
+
 libapache-mod-jk (1:1.2.48-2+deb12u1) bookworm; urgency=high
 
   * Fix CVE-2023-41081:


=====================================
debian/patches/0004-CVE-2024-46544.patch
=====================================
@@ -0,0 +1,71 @@
+From: Rainer Jung <rainer.jung at kippdata.de>
+Date: Thu, 8 Aug 2024 10:00:13 +0200
+Subject: [PATCH] Improve shared memory handling on non-Windows.
+
+---
+ native/common/jk_shm.c            | 12 ++++++------
+ xdocs/miscellaneous/changelog.xml |  3 +++
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/native/common/jk_shm.c b/native/common/jk_shm.c
+index 58956dc..65d9f62 100644
+--- a/native/common/jk_shm.c
++++ b/native/common/jk_shm.c
+@@ -459,7 +459,7 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+ 
+     if (attached && jk_shmem.lockname) {
+ #ifdef JK_SHM_LOCK_REOPEN
+-        jk_shmem.fd_lock = open(jk_shmem.lockname, O_RDWR, 0666);
++        jk_shmem.fd_lock = open(jk_shmem.lockname, O_RDWR, 0600);
+ #else
+         errno = EINVAL;
+ #endif
+@@ -483,7 +483,7 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+         for (i = 0; i < 8; i++) {
+             strcpy(flkname, "/tmp/jkshmlock.XXXXXX");
+             if (mktemp(flkname)) {
+-                jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0666);
++                jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+                 if (jk_shmem.fd_lock >= 0)
+                     break;
+             }
+@@ -495,10 +495,10 @@ static int do_shm_open_lock(const char *fname, int attached, jk_logger_t *l)
+ #ifdef AS400_UTF8
+         wptr = (char *)malloc(strlen(flkname) + 1);
+         jk_ascii2ebcdic((char *)flkname, wptr);
+-        jk_shmem.fd_lock = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0666);
++        jk_shmem.fd_lock = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0600);
+         free(wptr);
+ #else
+-        jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0666);
++        jk_shmem.fd_lock = open(flkname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+ #endif
+         if (jk_shmem.fd_lock == -1) {
+@@ -589,10 +589,10 @@ static int do_shm_open(const char *fname, int attached,
+ #ifdef AS400_UTF8
+         wptr = (char *)malloc(strlen(jk_shmem.filename) + 1);
+         jk_ascii2ebcdic((char *)jk_shmem.filename, wptr);
+-        fd = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0666);
++        fd = open(wptr, O_RDWR|O_CREAT|O_TRUNC, 0600);
+         free(wptr);
+ #else
+-        fd = open(jk_shmem.filename, O_RDWR|O_CREAT|O_TRUNC, 0666);
++        fd = open(jk_shmem.filename, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+         if (fd == -1) {
+             jk_shmem.size = 0;
+diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
+index bb5a8ac..224bb18 100644
+--- a/xdocs/miscellaneous/changelog.xml
++++ b/xdocs/miscellaneous/changelog.xml
+@@ -91,6 +91,9 @@
+         socket_connect_timeout to be interpreted in units of seconds
+         instead of milliseconds on platforms that provide poll(). (rjung)
+       </fix>
++      <fix>
++        Improve shared memory handling on non-Windows. (rjung)
++      </fix>
+     </changelog>
+   </subsection>
+ </section>


=====================================
debian/patches/series
=====================================
@@ -1,3 +1,4 @@
 0002-debianize-log-directory.patch
 0003-upgrade-info-to-error-message.patch
 CVE-2023-41081.patch
+0004-CVE-2024-46544.patch



View it on GitLab: https://salsa.debian.org/java-team/libapache-mod-jk/-/compare/d4acc1ef6e681985a85d7217ba749399f9e8758e...1fe0fd16badc7f643a198a0231c0d62fbe3ad803

-- 
View it on GitLab: https://salsa.debian.org/java-team/libapache-mod-jk/-/compare/d4acc1ef6e681985a85d7217ba749399f9e8758e...1fe0fd16badc7f643a198a0231c0d62fbe3ad803
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20250208/963049f4/attachment.htm>

More information about the pkg-java-commits mailing list