[apache2] 02/08: CVE-2017-15710: mod_authnz_ldap
Stefan Fritsch
sf at moszumanska.debian.org
Sat Mar 31 09:17:25 UTC 2018
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch stretch
in repository apache2.
commit 7ec3901cb04002875e4b986b8b81d4546939bcdb
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Fri Mar 30 16:02:40 2018 +0200
CVE-2017-15710: mod_authnz_ldap
Fix out of bound write in mod_authnz_ldap when using too small
Accept-Language values.
---
debian/changelog | 7 +++++++
debian/patches/CVE-2017-15710-mod_authnz_ldap.diff | 21 +++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 29 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index d884166..38edfad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.4.25-3+deb9u4) UNRELEASED; urgency=medium
+
+ * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap
+ when using too small Accept-Language values.
+
+ -- Stefan Fritsch <sf at debian.org> Fri, 30 Mar 2018 16:01:25 +0200
+
apache2 (2.4.25-3+deb9u3) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2017-15710-mod_authnz_ldap.diff b/debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
new file mode 100644
index 0000000..7797134
--- /dev/null
+++ b/debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
@@ -0,0 +1,21 @@
+# http://svn.apache.org/viewvc?view=revision&revision=1824456
+# CVE-2017-15710
+--- apache2.orig/modules/aaa/mod_authnz_ldap.c
++++ apache2/modules/aaa/mod_authnz_ldap.c
+@@ -126,9 +126,13 @@ static char* derive_codepage_from_lang (
+
+ charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
+
+- if (!charset) {
+- language[2] = '\0';
+- charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
++ /*
++ * Test if language values like 'en-US' return a match from the charset
++ * conversion map when shortened to 'en'.
++ */
++ if (!charset && strlen(language) > 3 && language[2] == '-') {
++ char *language_short = apr_pstrndup(p, language, 2);
++ charset = (char*) apr_hash_get(charset_conversions, language_short, APR_HASH_KEY_STRING);
+ }
+
+ if (charset) {
diff --git a/debian/patches/series b/debian/patches/series
index 98eb09d..0fa4a37 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ CVE-2017-7679.diff
CVE-2017-9788-mod_auth_digest.diff
core-Disallow-Methods-registration-at-run-time-.htac.patch
+CVE-2017-15710-mod_authnz_ldap.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list