rpms/krb5/F-11 krb5-CVE-2010-1321-1.6.1.patch, NONE, 1.1 krb5.spec, 1.196, 1.197
Nalin Dahyabhai
nalin at fedoraproject.org
Tue May 18 18:14:17 UTC 2010
- Previous message: rpms/sssd/F-13 .cvsignore, 1.25, 1.26 sources, 1.26, 1.27 sssd.spec, 1.42, 1.43
- Next message: rpms/krb5/F-12 krb5-CVE-2010-1321-1.7.1.patch, NONE, 1.1 krb5.spec, 1.234, 1.235
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv31947/F-11
Modified Files:
krb5.spec
Added Files:
krb5-CVE-2010-1321-1.6.1.patch
Log Message:
- add patch to correct GSSAPI library null pointer dereference which could be
triggered by malformed client requests (CVE-2010-1321, #582466)
krb5-CVE-2010-1321-1.6.1.patch:
accept_sec_context.c | 7 +++++++
1 file changed, 7 insertions(+)
--- NEW FILE krb5-CVE-2010-1321-1.6.1.patch ---
Tweaked from candidate for MITKRB5-SA-2010-005.
--- krb5/src/lib/gssapi/krb5/accept_sec_context.c 2010-05-04 10:51:06.000000000 -0400
+++ krb5/src/lib/gssapi/krb5/accept_sec_context.c 2010-05-04 10:56:48.000000000 -0400
@@ -384,6 +384,13 @@ krb5_gss_accept_sec_context(minor_status
}
#endif
+ if (authdat->checksum == NULL) {
+ /* missing checksum counts as "inappropriate type" */
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
{
/* gss krb5 v1 */
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-11/krb5.spec,v
retrieving revision 1.196
retrieving revision 1.197
diff -u -p -r1.196 -r1.197
--- krb5.spec 4 May 2010 19:32:34 -0000 1.196
+++ krb5.spec 18 May 2010 18:14:17 -0000 1.197
@@ -16,7 +16,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.3
-Release: 30%{?dist}
+Release: 31%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -112,6 +112,7 @@ Patch85: http://web.mit.edu/kerberos/adv
Patch86: krb5-1.7-openssl-1.0.patch
Patch87: krb5-1.6.3-kpasswd_ipv6.patch
Patch88: krb5-1.6.1-cs22427.patch
+Patch89: krb5-CVE-2010-1321-1.6.1.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -244,6 +245,10 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Tue May 18 2010 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-31
+- add patch to correct GSSAPI library null pointer dereference which could be
+ triggered by malformed client requests (CVE-2010-1321, #582466)
+
* Tue May 4 2010 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-30
- fix output of kprop's init script's "status" and "reload" commands (#588222)
@@ -1472,6 +1477,7 @@ popd
%patch86 -p0 -b .openssl-1.0
%patch87 -p0 -b .kpasswd_ipv6
%patch88 -p0 -b .cs22427
+%patch89 -p1 -b .CVE-2010-1321
cp src/krb524/README README.krb524
gzip doc/*.ps
- Previous message: rpms/sssd/F-13 .cvsignore, 1.25, 1.26 sources, 1.26, 1.27 sssd.spec, 1.42, 1.43
- Next message: rpms/krb5/F-12 krb5-CVE-2010-1321-1.7.1.patch, NONE, 1.1 krb5.spec, 1.234, 1.235
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list