[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Security update of dokuwiki

Hello,
My package dokuwiki 0.0.20091225c-10+squeeze2 in oldstable is affected by CVE-2014-8763 and CVE-2014-8764 (which are almost the same, and fixed by the same patch).
I have prepared an updated version 0.0.20091225c-10+squeeze3, which I am considering to upload to squeeze-lts, is that okay?
Here is the debdiff (yes, I will have to set the target distribution to squeeze-lts) and the patch it adds. 

Librement,

--
 ,--.
: /` )   ن Tanguy Ortolo    <xmpp:tanguy@ortolo.eu>
| `-'    Debian Developer   <irc://irc.oftc.net/Tanguy>
 \_

diff -Nru dokuwiki-0.0.20091225c/debian/changelog dokuwiki-0.0.20091225c/debian/changelog
--- dokuwiki-0.0.20091225c/debian/changelog	2011-06-29 01:50:12.000000000 +0200
+++ dokuwiki-0.0.20091225c/debian/changelog	2014-10-29 14:44:37.000000000 +0100
@@ -1,3 +1,12 @@
+dokuwiki (0.0.20091225c-10+squeeze3) UNRELEASED; urgency=medium
+
+  * debian/patches:
+     + fix_ldap_auth_bypass_CVE-2014-8763.diff: fix an authentication bypass
+       flaw when using Active Directory for LDAP authentication.
+       (CVE-2014-8763, CVE-2014-8764)
+
+ -- Tanguy Ortolo <tanguy+debian@ortolo.eu>  Wed, 29 Oct 2014 14:17:00 +0100
+
 dokuwiki (0.0.20091225c-10+squeeze2) stable; urgency=low
 
   * debian/patches/rss_security.diff: Backport an upstream security fix for
diff -Nru dokuwiki-0.0.20091225c/debian/patches/fix_ldap_auth_bypass_CVE-2014-8763.diff dokuwiki-0.0.20091225c/debian/patches/fix_ldap_auth_bypass_CVE-2014-8763.diff
--- dokuwiki-0.0.20091225c/debian/patches/fix_ldap_auth_bypass_CVE-2014-8763.diff	1970-01-01 01:00:00.000000000 +0100
+++ dokuwiki-0.0.20091225c/debian/patches/fix_ldap_auth_bypass_CVE-2014-8763.diff	2014-10-29 14:44:51.000000000 +0100
@@ -0,0 +1,27 @@
+From: Andreas Gohr <andi@splitbrain.org>
+Subject: Clean user credentials from control chars to prevent auth bypass
+
+ This is to prevent zero byte attacks on external auth systems as described in
+ http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
+ (CVE-2014-8763, CVE-2014-8764)
+Origin: backport, https://github.com/splitbrain/dokuwiki/commit/395c2f0ff3e87977ea2573587a11f4ef294433f2
+Bug-Debian: http://bugs.debian.org/766545
+Last-Update: 2014-10-28
+---
+ inc/auth.php | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+Index: dokuwiki/inc/auth.php
+===================================================================
+--- dokuwiki.orig/inc/auth.php
++++ dokuwiki/inc/auth.php
+@@ -75,7 +75,8 @@ if($conf['useacl']){
+         }
+ 
+         // apply cleaning
+-        $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);
++        $_REQUEST['u'] = $auth->cleanUser(stripctl($_REQUEST['u']));
++        $_REQUEST['p'] = stripctl($_REQUEST['p']);
+ 
+         if(isset($_REQUEST['authtok'])){
+             // when an authentication token is given, trust the session
diff -Nru dokuwiki-0.0.20091225c/debian/patches/series dokuwiki-0.0.20091225c/debian/patches/series
--- dokuwiki-0.0.20091225c/debian/patches/series	2011-06-26 13:23:13.000000000 +0200
+++ dokuwiki-0.0.20091225c/debian/patches/series	2014-10-29 14:25:01.000000000 +0100
@@ -10,3 +10,4 @@
 license_jpegmeta.diff
 cc-by-nd-url.diff
 fhs.diff
+fix_ldap_auth_bypass_CVE-2014-8763.diff

From: Andreas Gohr <andi@splitbrain.org>
Subject: Clean user credentials from control chars to prevent auth bypass

 This is to prevent zero byte attacks on external auth systems as described in
 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
 (CVE-2014-8763, CVE-2014-8764)
Origin: backport, https://github.com/splitbrain/dokuwiki/commit/395c2f0ff3e87977ea2573587a11f4ef294433f2
Bug-Debian: http://bugs.debian.org/766545
Last-Update: 2014-10-28
---
 inc/auth.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Index: dokuwiki/inc/auth.php
===================================================================
--- dokuwiki.orig/inc/auth.php
+++ dokuwiki/inc/auth.php
@@ -75,7 +75,8 @@ if($conf['useacl']){
         }
 
         // apply cleaning
-        $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);
+        $_REQUEST['u'] = $auth->cleanUser(stripctl($_REQUEST['u']));
+        $_REQUEST['p'] = stripctl($_REQUEST['p']);
 
         if(isset($_REQUEST['authtok'])){
             // when an authentication token is given, trust the session

Attachment: signature.asc
Description: Digital signature

Reply to: