[krb5-appl/f15] - add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770325)
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Dec 27 14:38:14 UTC 2011
commit 30e07dbd1dc15d52c4765061064e91f8664eff83
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Tue Dec 27 09:36:27 2011 -0500
- add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770325)
2011-008-patch.txt | 14 ++++++++++++++
krb5-appl.spec | 5 +++++
2 files changed, 19 insertions(+), 0 deletions(-)
---
diff --git a/2011-008-patch.txt b/2011-008-patch.txt
new file mode 100644
index 0000000..2199a2f
--- /dev/null
+++ b/2011-008-patch.txt
@@ -0,0 +1,14 @@
+diff --git a/telnet/libtelnet/encrypt.c b/telnet/libtelnet/encrypt.c
+index f75317d..b8d6cdd 100644
+--- a/telnet/libtelnet/encrypt.c
++++ b/telnet/libtelnet/encrypt.c
+@@ -757,6 +757,9 @@ static void encrypt_keyid(kp, keyid, len)
+ int dir = kp->dir;
+ register int ret = 0;
+
++ if (len > MAXKEYLEN)
++ len = MAXKEYLEN;
++
+ if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ if (len == 0)
+ return;
diff --git a/krb5-appl.spec b/krb5-appl.spec
index aa3a2fe..0c913c4 100644
--- a/krb5-appl.spec
+++ b/krb5-appl.spec
@@ -47,6 +47,7 @@ Patch88: krb5-1.7-sizeof.patch
Patch89: krb5-appl-1.0.1-largefile.patch
Patch90: krb5-appl-1.0.1-nmax-is-ut_namesize.patch
Patch91: krb5-appl-1.0.1-2011-005.patch
+Patch92: http://web.mit.edu/kerberos/advisories/2011-008-patch.txt
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -106,6 +107,7 @@ ln -s NOTICE LICENSE
%patch88 -p3 -b .sizeof
%patch89 -p1 -b .largefile
%patch90 -p1 -b .nmax-is-ut_namesize
+%patch92 -p1 -b .2011-008
# Rename the man pages so that they'll get generated correctly. Uses the
# "krb5-appl-1.0-manpaths.txt" source file.
@@ -255,6 +257,9 @@ exit 0
%{krb5prefix}/man/man8/telnetd.8*
%changelog
+* Tue Dec 27 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.2-2
+- add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770325)
+
* Tue Jul 5 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.1-7
- ftpd: add candidate patch to detect setegid/setregid/setresgid and check
for errors when calling them (MITKRB5-SA-2011-005, CVE-2011-1526, #713341)
More information about the scm-commits
mailing list