diff --git a/SOURCES/sha-digest-calc.patch b/SOURCES/sha-digest-calc.patch
new file mode 100644
index 0000000..affab8b
--- /dev/null
+++ b/SOURCES/sha-digest-calc.patch
@@ -0,0 +1,26 @@
+From e4f08157b6693b956fe9c7c987bc3eeac1abb2cc Mon Sep 17 00:00:00 2001
+From: Tim Shearer
+Date: Tue, 2 Aug 2022 08:48:32 -0400
+Subject: [PATCH] Fix incorrect SHA384/512 digest calculation.
+
+Resolves an issue where certain message sizes result in an incorrect
+checksum. Specifically, when:
+(n*8) mod 1024 == 896
+where n is the file size in bytes.
+---
+ lib/util/sha2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/util/sha2.c b/lib/util/sha2.c
+index b7a28cca8..f769f77f2 100644
+--- a/lib/util/sha2.c
++++ b/lib/util/sha2.c
+@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
+ SHA512Update(ctx, (uint8_t *)"\200", 1);
+
+ /* Pad message such that the resulting length modulo 1024 is 896. */
+- while ((ctx->count[0] & 1008) != 896)
++ while ((ctx->count[0] & 1016) != 896)
+ SHA512Update(ctx, (uint8_t *)"\0", 1);
+
+ /* Append length of message in bits and do final SHA512Transform(). */
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 62f3515..678ac5f 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.29
-Release: 8%{?dist}.1
+Release: 10%{?dist}
 License: ISC
 Group: Applications/System
 URL: https://www.sudo.ws/
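Review bot: The corrected mask `1016` still expresses the padding condition indirectly: `ctx->count[0]` counts bits, and `& 1016` only equals `% 1024` because SHA512Update is only ever handed whole bytes, so the low three bits of the count are always zero. The old `1008` additionally cleared the 8s bit, so after the `\200` byte a message of 112 + 128·k bytes had `count[0] mod 1024 == 904`, which masked to 896, left the loop with no zero padding at all, and placed the 128-bit length at the wrong offset — exactly the case the patch description names. `while ((ctx->count[0] % 1024) != 896)` with the comment `/* count[0] is in bits; only its low 10 bits matter here */` states the intent directly and does not rely on byte granularity; the SHA-256 padding routine in the same file is not in this hunk and is worth checking for the same narrowed-mask pattern. A regression test hashing a 112-byte input against a known SHA-512 vector would pin the fix, which matters because sudo uses these digests to match commands in sudoers — a miscomputed digest presumably caused such commands to be refused rather than run. SHA512Pad begins and ends outside the inner hunk.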
@@ -76,7 +76,9 @@ Patch21: sudo-1.9.7-krb5ccname.patch
 # 1986572 - utmp resource leak in sudo
 Patch22: sudo-1.9.7-utmp-leak.patch
-# 2161220 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-8.7.0]
+# 2114576 - sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
+Patch23: sha-digest-calc.patch
+# 2161221 - EMBARGOED CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user [rhel-8.8.0]
 Patch24: sudo-1.9.12-CVE-2023-22809-whitelist.patch
 Patch25: sudo-1.9.12-CVE-2023-22809-backports.patch
 Patch26: sudo-1.9.12-CVE-2023-22809.patch
@@ -133,6 +135,7 @@ plugins that use %{name}.
 %patch21 -p1 -b .krb5ccname
 %patch22 -p1 -b .utmp-leak
+%patch23 -p1 -b .sha-digest
 %patch24 -p1 -b .whitelist
 %patch25 -p1 -b .backports
 %patch26 -p1 -b .cve
@@ -295,10 +298,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/sudo_plugin.8*
 %changelog
-* Wed Jan 11 2023 Radovan Sroka - 1.8.29.8.1
-RHEL 8.7.0.Z ERRATUM
+* Wed Jan 11 2023 Radovan Sroka - 1.8.29.9
+RHEL 8.8.0 ERRATUM
 - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user
-Resolves: rhbz#2161220
+Resolves: rhbz#2161221
+- sudo digest check fails incorrectly for certain file sizes (SHA512/SHA384)
+Resolves: rhbz#2114576
 * Mon Dec 06 2021 Radovan Sroka - 1.8.29-8
 RHEL 8.6.0 ERRATUM
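Review bot: The new patch is named `sha-digest-calc.patch`, while every other patch tag in this hunk follows the `sudo-<version>-<topic>.patch` convention (`sudo-1.9.7-utmp-leak.patch`, `sudo-1.9.12-CVE-2023-22809.patch`), so the file name does not record which upstream version the backport was taken from. The embedded header shows it is upstream commit e4f08157b6693b956fe9c7c987bc3eeac1abb2cc, so a name along the lines of `sudo-<upstream-version>-sha-digest-calc.patch` plus that commit id in the `# 2114576` comment would keep the Patch list self-describing.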
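Review bot: The new changelog header `* Wed Jan 11 2023 Radovan Sroka - 1.8.29.9` does not agree with `Release: 10%{?dist}` set in the first sudo.spec hunk, so rpmlint will report the changelog version as incoherent with the package and the build ends up with no entry for the release it actually produces. The header should name 1.8.29-10 (the shown `1.8.29.9` appears to be the rendered form of `1.8.29-9`), or Release should be 9 if 10 was not intended.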