From 6fe672b82e0e4eb9556cebf197c597afa5e07cd9 Mon Sep 17 00:00:00 2001 From: Sudipta Pandit Date: Thu, 14 Nov 2024 13:48:42 +0530 Subject: [PATCH] Fix CVE-2024-27532 for fluent-bit --- SPECS/fluent-bit/CVE-2024-27532.patch | 42 +++++++++++++++++++++++++++ SPECS/fluent-bit/fluent-bit.spec | 8 +++-- 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 SPECS/fluent-bit/CVE-2024-27532.patch diff --git a/SPECS/fluent-bit/CVE-2024-27532.patch b/SPECS/fluent-bit/CVE-2024-27532.patch new file mode 100644 index 00000000000..83b9b8f1ae9 --- /dev/null +++ b/SPECS/fluent-bit/CVE-2024-27532.patch @@ -0,0 +1,42 @@ +From bd866ae9686ea914f57e83bd5b2e9c7a5a2a7323 Mon Sep 17 00:00:00 2001 +From: Sudipta Pandit +Date: Thu, 14 Nov 2024 13:32:31 +0530 +Subject: [PATCH] Fix CVE-2024-27532 + +Reference: https://github.com/bytecodealliance/wasm-micro-runtime/pull/3133 + +--- + .../core/iwasm/interpreter/wasm_loader.c | 2 +- + .../core/iwasm/interpreter/wasm_mini_loader.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +index 87af8526f..2254ba577 100644 +--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c ++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +@@ -6694,7 +6694,7 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth, + uint16 cell_num; + + bh_assert(loader_ctx->csp_num > 0); +- if (loader_ctx->csp_num < depth + 1) { ++ if (loader_ctx->csp_num - 1 < depth) { + set_error_buf(error_buf, error_buf_size, + "unknown label, " + "unexpected end of section or function"); +diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c +index 157a82cc3..ee01db71d 100644 +--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c ++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c +@@ -5199,7 +5199,8 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth, + int32 i, available_stack_cell; + uint16 cell_num; + +- if (loader_ctx->csp_num < depth + 1) { ++ bh_assert(loader_ctx->csp_num > 0); ++ if (loader_ctx->csp_num - 1 < depth) { + set_error_buf(error_buf, error_buf_size, + "unknown label, " + "unexpected end of section or function"); +-- +2.34.1 + diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec index 34b3e9db415..3ae5aafb937 100644 --- a/SPECS/fluent-bit/fluent-bit.spec +++ b/SPECS/fluent-bit/fluent-bit.spec @@ -1,7 +1,7 @@ Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX Name: fluent-bit Version: 2.2.3 -Release: 4%{?dist} +Release: 5%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -12,6 +12,7 @@ Patch1: in_emitter_fix_issue_8198.patch Patch2: fix_issue_8025.patch Patch3: CVE-2024-26455.patch Patch4: CVE-2024-25629.patch +Patch5: CVE-2024-27532.patch BuildRequires: bison BuildRequires: cmake BuildRequires: cyrus-sasl-devel @@ -85,6 +86,9 @@ Development files for %{name} %{_libdir}/fluent-bit/*.so %changelog +* Thu Nov 14 2024 Sudipta Pandit - 2.2.3-5 +- Backport fix for CVE-2024-27532 + * Tue Oct 15 2024 Chris Gunn - 2.2.3-4 - CVE-2024-26455 - CVE-2024-25629 @@ -93,7 +97,7 @@ Development files for %{name} - Apply patch in_emitter_fix_issue_8198.patch to fix #8198 ( Potential log loss during high load at Multiline & Rewrite Tag Filter (in_emitter) ) - Fix issue #8025 with a patch ( in_tail: missing log for offset processing due to non-existent old inodes in sqlite ) -* Wed May 30 2024 Sindhu Karri - 2.2.3-2 +* Thu May 30 2024 Sindhu Karri - 2.2.3-2 - Fix CVE-2024-34250 with a patch * Tue May 28 2024 CBL-Mariner Servicing Account - 2.2.3-1