Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read

vulnerability (CVE-2023-31122)

httpd-2.4.57-CVE-2023-31122.patch

@@ -0,0 +1,11 @@
+--- a/modules/core/mod_macro.c	2023/10/16 06:19:16	1912992
++++ b/modules/core/mod_macro.c	2023/10/16 06:38:32	1912993
+@@ -483,7 +483,7 @@
+     for (i = 0; i < contents->nelts; i++) {
+         const char *errmsg;
+         /* copy the line and substitute macro parameters */
+-        strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1);
++        apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
+         errmsg = substitute_macro_args(line, MAX_STRING_LEN,
+                                        macro, replacements, used);
+         if (errmsg) {

httpd.spec

@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.57
-Release: 6%{?dist}
+Release: 7%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -122,7 +122,10 @@ Patch71: httpd-2.4.57-davenoent.patch
 
 # Security fixes
 # https://bugzilla.redhat.com/show_bug.cgi?id=...
-# Patch200: ...
+#
+# https://bugzilla.redhat.com/show_bug.cgi?id=2245332
+Patch200: httpd-2.4.57-CVE-2023-31122.patch
+
 
 License: ASL 2.0
 BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
@@ -293,6 +296,7 @@ written in the Lua programming language.
 %patch70 -p1 -b .duplicate-key
 %patch71 -p1 -b .davenoent
 
+%patch200 -p1 -b .CVE-2023-31122
 
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -853,6 +857,10 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Mon Feb 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-7
+- Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read
+  vulnerability (CVE-2023-31122)
+
 * Wed Oct  4 2023 Joe Orton <jorton@redhat.com> - 2.4.57-6
 - Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
 - mod_dav_fs: add global mutex around lockdb interaction