diff --git a/SPECS/cert-manager/CVE-2025-65637.patch b/SPECS/cert-manager/CVE-2025-65637.patch
new file mode 100644
index 00000000000..13833e465f1
--- /dev/null
+++ b/SPECS/cert-manager/CVE-2025-65637.patch
@@ -0,0 +1,136 @@
+From 0aa37cfc61d095e3e961e31eb218d63a2f1555e3 Mon Sep 17 00:00:00 2001
+From: Chris
+Date: Fri, 10 Mar 2023 13:45:41 -0800
+Subject: [PATCH 1/2] This commit fixes a potential denial of service
+ vulnerability in logrus.Writer() that could be triggered by logging text
+ longer than 64kb without newlines. Previously, the bufio.Scanner used by
+ Writer() would hang indefinitely when reading such text without newlines,
+ causing the application to become unresponsive.
+
+---
+ vendor/github.com/sirupsen/logrus/writer.go | 33 ++++++++++++++++++++-
+ 1 file changed, 32 insertions(+), 1 deletion(-)
+
+diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
+index 72e8e3a..36032d0 100644
+--- a/vendor/github.com/sirupsen/logrus/writer.go
++++ b/vendor/github.com/sirupsen/logrus/writer.go
+@@ -4,6 +4,7 @@ import (
+ "bufio"
+ "io"
+ "runtime"
++ "strings"
+ )
+
+ // Writer at INFO level. See WriterLevel for details.
+@@ -20,15 +21,18 @@ func (logger *Logger) WriterLevel(level Level) *io.PipeWriter {
+ return NewEntry(logger).WriterLevel(level)
+ }
+
++// Writer returns an io.Writer that writes to the logger at the info log level
+ func (entry *Entry) Writer() *io.PipeWriter {
+ return entry.WriterLevel(InfoLevel)
+ }
+
++// WriterLevel returns an io.Writer that writes to the logger at the given log level
+ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter {
+ reader, writer := io.Pipe()
+
+ var printFunc func(args ...interface{})
+
++ // Determine which log function to use based on the specified log level
+ switch level {
+ case TraceLevel:
+ printFunc = entry.Trace
+@@ -48,23 +52,50 @@ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter {
+ printFunc = entry.Print
+ }
+
++ // Start a new goroutine to scan the input and write it to the logger using the specified print function.
++ // It splits the input into chunks of up to 64KB to avoid buffer overflows.
+ go entry.writerScanner(reader, printFunc)
++
++ // Set a finalizer function to close the writer when it is garbage collected
+ runtime.SetFinalizer(writer, writerFinalizer)
+
+ return writer
+ }
+
++// writerScanner scans the input from the reader and writes it to the logger
+ func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) {
+ scanner := bufio.NewScanner(reader)
++
++ // Set the buffer size to the maximum token size to avoid buffer overflows
++ scanner.Buffer(make([]byte, bufio.MaxScanTokenSize), bufio.MaxScanTokenSize)
++
++ // Define a split function to split the input into chunks of up to 64KB
++ chunkSize := 64 * 1024 // 64KB
++ splitFunc := func(data []byte, atEOF bool) (int, []byte, error) {
++ if len(data) > chunkSize {
++ return chunkSize, data[:chunkSize], nil
++ }
++ return 0, nil, nil
++ }
++
++ //Use the custom split function to split the input
++ scanner.Split(splitFunc)
++
++ // Scan the input and write it to the logger using the specified print function
+ for scanner.Scan() {
+- printFunc(scanner.Text())
++ printFunc(strings.TrimRight(scanner.Text(), "\r\n"))
+ }
++
++ // If there was an error while scanning the input, log an error
+ if err := scanner.Err(); err != nil {
+ entry.Errorf("Error while reading from Writer: %s", err)
+ }
++
++ // Close the reader when we are done
+ reader.Close()
+ }
+
++// WriterFinalizer is a finalizer function that closes then given writer when it is garbage collected
+ func writerFinalizer(writer *io.PipeWriter) {
+ writer.Close()
+ }
+--
+2.45.4
+
+
+From 611dfec322dfcb041e89dc80586663e221823055 Mon Sep 17 00:00:00 2001
+From: Chris
+Date: Fri, 10 Mar 2023 13:45:41 -0800
+Subject: [PATCH 2/2] Scan text in 64KB chunks
+
+This commit fixes a potential denial of service
+vulnerability in logrus.Writer() that could be
+triggered by logging text longer than 64KB
+without newlines.
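Review bot: The new comments on `scanner.Buffer(...)` and on the split function say the 64KB limit is there "to avoid buffer overflows", which is not what those lines do — `Buffer` only fixes the scanner's maximum token size (the default maximum is already `bufio.MaxScanTokenSize`, so this mostly pre-allocates), and the point of chunking is that a newline-free stream is emitted as bounded tokens instead of exceeding that limit and ending the scan with `bufio.ErrTooLong`. I would reword both to something like `// Cap the scan buffer at bufio.MaxScanTokenSize; the split function below emits a token once that much is buffered, so newline-free input is logged in bounded chunks instead of aborting with ErrTooLong` and derive the limit from the same constant, `chunkSize := bufio.MaxScanTokenSize`, instead of a separate `64 * 1024` literal that has to be kept equal to the `Buffer` argument by hand. The `return 0, nil, nil` fallback in this hunk is replaced by the second patch in the series, so I am not raising it here. `WriterLevel` begins before this hunk; `writerScanner` and `writerFinalizer` are complete within it.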
Previously, the bufio.Scanner
+used by Writer() would hang indefinitely when
+reading such text without newlines, causing the
+application to become unresponsive.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/sirupsen/logrus/pull/1376.patch
+---
+ vendor/github.com/sirupsen/logrus/writer.go | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
+index 36032d0..7e7703c 100644
+--- a/vendor/github.com/sirupsen/logrus/writer.go
++++ b/vendor/github.com/sirupsen/logrus/writer.go
+@@ -75,7 +75,8 @@ func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...
+ if len(data) > chunkSize {
+ return chunkSize, data[:chunkSize], nil
+ }
+- return 0, nil, nil
++
++ return len(data), data, nil
+ }
+
+ //Use the custom split function to split the input
+--
+2.45.4
+
diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec
index 805ecd29bef..1bc422c172c 100644
--- a/SPECS/cert-manager/cert-manager.spec
+++ b/SPECS/cert-manager/cert-manager.spec
@@ -1,7 +1,7 @@
 Summary: Automatically provision and manage TLS certificates in Kubernetes
 Name: cert-manager
 Version: 1.11.2
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: ASL 2.0
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -38,6 +38,7 @@ Patch15: CVE-2025-30204.patch
 Patch16: CVE-2024-51744.patch
 Patch17: CVE-2025-32386.patch
 Patch18: CVE-2025-22872.patch
+Patch19: CVE-2025-65637.patch
 BuildRequires: golang
 Requires: %{name}-acmesolver
@@ -131,6 +132,9 @@ install -D -m0755 bin/webhook %{buildroot}%{_bindir}/
 %{_bindir}/webhook
 %changelog
+* Mon Dec 08 2025 Azure Linux Security Servicing Account - 1.11.2-25
+- Patch for CVE-2025-65637
+
 * Thu Sep 04 2025 Akhila Guruju - 1.11.2-24
 - Bump release to rebuild with golang
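Review bot: The new fallback `return len(data), data, nil` breaks at end of stream: once the pipe is closed, bufio.Scanner keeps calling the split function with atEOF set and an empty but non-nil data slice, and this line then hands back a zero-length token with no advance. Under the documented Scanner contract each such call makes `Scan` return true — so the loop logs an empty entry — and after about a hundred of them `Scan` panics with "too many empty tokens without progressing"; that panic is raised in the writerScanner goroutine where nothing recovers it, so as far as I can tell closing a Writer (explicitly or via the finalizer) would crash the process, which a test that writes, closes and drains should confirm before this ships. The same line also discards the line framing the Writer used to have: whatever one Read returns becomes one entry, so several lines arriving in one Write are logged as a single multi-line message and a line written in two pieces becomes two entries. Both issues disappear by falling back to line scanning instead — `if len(data) >= chunkSize {` and `return bufio.ScanLines(data, atEOF)` — which I believe is also what the upstream fix ended up with: ScanLines returns `(0, nil, nil)` on an empty EOF so the scan finishes cleanly, and `>=` matters because the buffer set by the first patch is capped at exactly chunkSize, so the existing `>` branch can never fire. writerScanner begins before this hunk and ends after it.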