rpms/krb5/F-13 krb5-CVE-2010-1321-1.7.1.patch, NONE, 1.1 krb5.spec, 1.250, 1.251

Nalin Dahyabhai nalin at fedoraproject.org
Tue May 18 18:14:20 UTC 2010


Author: nalin

Update of /cvs/pkgs/rpms/krb5/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv31947/F-13

Modified Files:
	krb5.spec 
Added Files:
	krb5-CVE-2010-1321-1.7.1.patch 
Log Message:
- add patch to correct GSSAPI library null pointer dereference which could be
  triggered by malformed client requests (CVE-2010-1321, #582466)


krb5-CVE-2010-1321-1.7.1.patch:
 accept_sec_context.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- NEW FILE krb5-CVE-2010-1321-1.7.1.patch ---
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -561,6 +561,13 @@ kg_accept_krb5(minor_status, context_handle,
     }
 #endif
 
+   if (authdat->checksum == NULL) {
+      /* missing checksum counts as "inappropriate type" */
+      code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+      major_status = GSS_S_FAILURE;
+      goto fail;
+   }
+
    if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
       /* Samba does not send 0x8003 GSS-API checksums */
       krb5_boolean valid;
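Review bot: the new authdat->checksum == NULL guard in kg_accept_krb5 ships without a regression test (the patch is 7 insertions in accept_sec_context.c and nothing else), so nothing stops a later reordering from putting the authdat->checksum->checksum_type dereference on the following line ahead of the check again. Suggest adding a test that drives the acceptor with a request carrying no checksum and expects GSS_S_FAILURE with KRB5KRB_AP_ERR_INAPP_CKSUM. The comment explains the choice of error code but not why the pointer can be NULL; one more line saying the field comes from the client request and may be absent would help the next reader.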


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-13/krb5.spec,v
retrieving revision 1.250
retrieving revision 1.251
diff -u -p -r1.250 -r1.251
--- krb5.spec	4 May 2010 19:32:36 -0000	1.250
+++ krb5.spec	18 May 2010 18:14:19 -0000	1.251
@@ -10,7 +10,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.7.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -88,6 +88,7 @@ Patch98: krb5-1.7.1-kpasswd_ccache.patch
 Patch99: krb5-1.7.1-kpasswd_ipv6.patch
 Patch100: 2010-002-1.7-patch.txt
 Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt
+Patch102: krb5-CVE-2010-1321-1.7.1.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
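Review bot: Patch102 is listed as a bare local filename with no note on its origin, while Patch101 directly above it points at an upstream advisory URL. Suggest a spec comment above the Patch102 line saying whether this is the upstream fix or a local backport to 1.7.1, so the patch can be dropped with confidence at the next rebase.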
@@ -226,6 +227,10 @@ to obtain initial credentials from a KDC
 certificate.
 
 %changelog
+* Tue May 18 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-10
+- add patch to correct GSSAPI library null pointer dereference which could be
+  triggered by malformed client requests (CVE-2010-1321, #582466)
+
 * Tue May  4 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-9
 - fix output of kprop's init script's "status" and "reload" commands (#588222)
 
@@ -1625,6 +1630,7 @@ popd
 %patch99 -p0 -b .kpasswd-ipv6
 %patch100 -p0 -b .2010-002
 %patch101 -p1 -b .2010-004
+%patch102 -p1 -b .CVE-2010-1321
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex


