[krb5-appl/f16] - add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770325)
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Dec 27 14:36:57 UTC 2011
commit c4805b9fce4797cd78de7fee1fd2d3ad9940e880
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Tue Dec 27 09:36:13 2011 -0500
- add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770325)
2011-008-patch.txt | 14 ++++++++++++++
krb5-appl.spec | 5 +++++
2 files changed, 19 insertions(+), 0 deletions(-)
---
diff --git a/2011-008-patch.txt b/2011-008-patch.txt
new file mode 100644
index 0000000..2199a2f
--- /dev/null
+++ b/2011-008-patch.txt
@@ -0,0 +1,14 @@
+diff --git a/telnet/libtelnet/encrypt.c b/telnet/libtelnet/encrypt.c
+index f75317d..b8d6cdd 100644
+--- a/telnet/libtelnet/encrypt.c
++++ b/telnet/libtelnet/encrypt.c
+@@ -757,6 +757,9 @@ static void encrypt_keyid(kp, keyid, len)
+ int dir = kp->dir;
+ register int ret = 0;
+
++ if (len > MAXKEYLEN)
++ len = MAXKEYLEN;
++
+ if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ if (len == 0)
+ return;
diff --git a/krb5-appl.spec b/krb5-appl.spec
index 38c0fb2..b3aee08 100644
--- a/krb5-appl.spec
+++ b/krb5-appl.spec
@@ -45,6 +45,7 @@ Patch73: krb5-1.6.3-ftp_glob_runique.patch
Patch79: krb5-trunk-ftp_mget_case.patch
Patch88: krb5-1.7-sizeof.patch
Patch89: krb5-appl-1.0.1-largefile.patch
+Patch92: http://web.mit.edu/kerberos/advisories/2011-008-patch.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -102,6 +103,7 @@ ln -s NOTICE LICENSE
%patch79 -p2 -b .ftp_mget_case
%patch88 -p3 -b .sizeof
%patch89 -p1 -b .largefile
+%patch92 -p1 -b .2011-008
# Rename the man pages so that they'll get generated correctly. Uses the
# "krb5-appl-1.0-manpaths.txt" source file.
@@ -251,6 +253,9 @@ exit 0
%{krb5prefix}/man/man8/telnetd.8*
%changelog
+* Tue Dec 27 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.2-2
+- add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770325)
+
* Mon Jul 11 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.2-1
- update to 1.0.2
- drop patch for CVE-2011-1526, which is fixed in 1.0.2, though slightly
More information about the scm-commits
mailing list