From 8fbe05d3a347d3c0e3648b74627ebc53631e6c9d Mon Sep 17 00:00:00 2001 From: Azure Linux Security Servicing Account Date: Thu, 29 Jan 2026 14:01:36 +0000 Subject: [PATCH] Patch ntopng for CVE-2026-24809 --- SPECS/ntopng/CVE-2026-24809.patch | 57 +++++++++++++++++++++++++++++++ SPECS/ntopng/ntopng.spec | 6 +++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 SPECS/ntopng/CVE-2026-24809.patch diff --git a/SPECS/ntopng/CVE-2026-24809.patch b/SPECS/ntopng/CVE-2026-24809.patch new file mode 100644 index 00000000000..eeb114d65de --- /dev/null +++ b/SPECS/ntopng/CVE-2026-24809.patch @@ -0,0 +1,57 @@ +From 07ba003ecd236cb274cd6a446a142405e6b78d68 Mon Sep 17 00:00:00 2001 +From: npt-1707 +Date: Mon, 21 Apr 2025 23:05:53 +0800 +Subject: [PATCH] Save stack space while handling errors + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/praydog/REFramework/pull/1320.patch +--- + third-party/lua-5.4.3/src/ldebug.c | 5 ++++- + third-party/lua-5.4.3/src/lvm.c | 6 ++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/third-party/lua-5.4.3/src/ldebug.c b/third-party/lua-5.4.3/src/ldebug.c +index ea269db..43d77bb 100644 +--- a/third-party/lua-5.4.3/src/ldebug.c ++++ b/third-party/lua-5.4.3/src/ldebug.c +@@ -795,8 +795,11 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) { + va_start(argp, fmt); + msg = luaO_pushvfstring(L, fmt, argp); /* format message */ + va_end(argp); +- if (isLua(ci)) /* if Lua function, add source:line information */ ++ if (isLua(ci)) { /* if Lua function, add source:line information */ + luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci)); ++ setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */ ++ L->top--; ++ } + luaG_errormsg(L); + } + +diff --git a/third-party/lua-5.4.3/src/lvm.c b/third-party/lua-5.4.3/src/lvm.c +index c9729bc..51b9614 100644 +--- a/third-party/lua-5.4.3/src/lvm.c ++++ b/third-party/lua-5.4.3/src/lvm.c +@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int total) { + /* collect total length and number of strings */ + for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) { + size_t l = vslen(s2v(top - n - 1)); +- if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) ++ if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) { ++ L->top = top - total; /* pop strings to avoid wasting stack */ + luaG_runerror(L, "string length overflow"); ++ } + tl += l; + } + if (tl <= LUAI_MAXSHORTLEN) { /* is result a short string? */ +@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int total) { + setsvalue2s(L, top - n, ts); /* create result */ + } + total -= n-1; /* got 'n' strings to create 1 new */ +- L->top -= n-1; /* popped 'n' strings and pushed one */ ++ L->top = top - (n - 1); /* popped 'n' strings and pushed one */ + } while (total > 1); /* repeat until only 1 result left */ + } + +-- +2.45.4 + diff --git a/SPECS/ntopng/ntopng.spec b/SPECS/ntopng/ntopng.spec index c5dd7cd694e..dc462cad2e9 100644 --- a/SPECS/ntopng/ntopng.spec +++ b/SPECS/ntopng/ntopng.spec @@ -2,7 +2,7 @@ Summary: Web-based Network Traffic Monitoring Application Name: ntopng Version: 5.2.1 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner @@ -14,6 +14,7 @@ Source0: %{name}-%{version}.tar.gz Source1: nDPI-%{nDPIver}.tar.gz Patch1: CVE-2021-45985.patch Patch2: CVE-2021-44964.patch +Patch3: CVE-2026-24809.patch BuildRequires: curl-devel BuildRequires: gcc BuildRequires: glib-devel @@ -63,6 +64,9 @@ mv nDPI-%{nDPIver} nDPI %{_datadir}/ntopng/* %changelog +* Thu Jan 29 2026 Azure Linux Security Servicing Account - 5.2.1-4 +- Patch for CVE-2026-24809 + * Wed Apr 16 2025 Jyoti Kanase - 5.2.1-3 - Patch CVE-2021-44964