rpms/krb5/devel CVE-2007-3999.patch, NONE, 1.1 CVE-2007-4000.patch, NONE, 1.1 krb5.spec, 1.131, 1.132

Nalin Somabhai Dahyabhai (nalin) fedora-extras-commits at redhat.com
Tue Sep 4 18:10:56 UTC 2007 

Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23417/devel

Modified Files:
	krb5.spec 
Added Files:
	CVE-2007-3999.patch CVE-2007-4000.patch 
Log Message:
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)


CVE-2007-3999.patch:

--- NEW FILE CVE-2007-3999.patch ---
*** src/lib/rpc/svc_auth_gss.c  (revision 20254)
--- src/lib/rpc/svc_auth_gss.c  (local)
***************
*** 339,345 ****
  	oa = &msg->rm_call.cb_cred;
  	IXDR_PUT_ENUM(buf, oa->oa_flavor);
  	IXDR_PUT_LONG(buf, oa->oa_length);
! 	if (oa->oa_length) {
  		memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
  		buf += RNDUP(oa->oa_length) / sizeof(int32_t);
  	}
--- 339,345 ----
  	oa = &msg->rm_call.cb_cred;
  	IXDR_PUT_ENUM(buf, oa->oa_flavor);
  	IXDR_PUT_LONG(buf, oa->oa_length);
! 	if (oa->oa_length && oa->oa_length <= sizeof(rpchdr)) {
  		memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
  		buf += RNDUP(oa->oa_length) / sizeof(int32_t);
  	}

CVE-2007-4000.patch:

--- NEW FILE CVE-2007-4000.patch ---
*** src/lib/kadm5/srv/svr_policy.c      (revision 20254)
--- src/lib/kadm5/srv/svr_policy.c      (local)
***************
*** 211,218 ****
      if((mask & KADM5_POLICY))
  	return KADM5_BAD_MASK;
  		
!     ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
!     if( ret && (cnt==0) )
  	return KADM5_UNK_POLICY;

      if ((mask & KADM5_PW_MAX_LIFE))
--- 211,219 ----
      if((mask & KADM5_POLICY))
  	return KADM5_BAD_MASK;
  		
!     if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
!       return ret;
!     if (cnt != 1)
  	return KADM5_UNK_POLICY;

      if ((mask & KADM5_PW_MAX_LIFE))


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.131
retrieving revision 1.132
diff -u -r1.131 -r1.132
--- krb5.spec	25 Aug 2007 05:12:34 -0000	1.131
+++ krb5.spec	4 Sep 2007 18:10:23 -0000	1.132
@@ -14,7 +14,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -84,6 +84,8 @@
 Patch57: krb5-1.6.2-login_chdir.patch
 Patch58: krb5-1.6.2-key_exp.patch
 Patch59: krb5-kpasswd_tcp.patch
+Patch65: CVE-2007-3999.patch
+Patch66: CVE-2007-4000.patch
 
 Patch60: krb5-1.6.1-pam.patch
 Patch61: krb5-trunk-manpaths.patch
@@ -206,6 +208,9 @@
 %endif
 
 %changelog
+* Tue Sep  4 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-5
+- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
+
 * Sat Aug 25 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-4
 - cover more cases in labeling files on creation
 - add missing gawk build dependency
@@ -1208,6 +1213,8 @@
 %patch51 -p0 -b .ldap_init
 %patch52 -p0 -b .ldap_man
 %patch53 -p1 -b .nodeplibs
+%patch64 -p0 -b .2007-3999
+%patch65 -p0 -b .2007-4000
 #%patch55 -p1 -b .empty
 #%patch56 -p1 -b .doublelog
 #%patch57 -p1 -b .login_chdir

More information about the scm-commits mailing list