diff options
author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-05-18 18:14:19 +0000 |
---|---|---|
committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-05-18 18:14:19 +0000 |
commit | 8da5d352e7073e850693426d32b8f9cf6c2a319d (patch) | |
tree | 8e28cbb56ba361f3e4b0790d17f0a417d26ad2a4 | |
parent | 6ceeafc8e9f448313f9ca042f26c92d1c31b70b6 (diff) | |
download | krb5-8da5d352e7073e850693426d32b8f9cf6c2a319d.tar.gz krb5-8da5d352e7073e850693426d32b8f9cf6c2a319d.tar.xz krb5-8da5d352e7073e850693426d32b8f9cf6c2a319d.zip |
- add patch to correct GSSAPI library null pointer dereference which couldkrb5-1_7_1-10_fc13
be triggered by malformed client requests (CVE-2010-1321, #582466)
-rw-r--r-- | krb5-CVE-2010-1321-1.7.1.patch | 16 | ||||
-rw-r--r-- | krb5.spec | 8 |
2 files changed, 23 insertions, 1 deletions
diff --git a/krb5-CVE-2010-1321-1.7.1.patch b/krb5-CVE-2010-1321-1.7.1.patch new file mode 100644 index 0000000..fb7286c --- /dev/null +++ b/krb5-CVE-2010-1321-1.7.1.patch @@ -0,0 +1,16 @@ +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -561,6 +561,13 @@ kg_accept_krb5(minor_status, context_handle, + } + #endif + ++ if (authdat->checksum == NULL) { ++ /* missing checksum counts as "inappropriate type" */ ++ code = KRB5KRB_AP_ERR_INAPP_CKSUM; ++ major_status = GSS_S_FAILURE; ++ goto fail; ++ } ++ + if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { + /* Samba does not send 0x8003 GSS-API checksums */ + krb5_boolean valid; @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.7.1 -Release: 9%{?dist} +Release: 10%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -88,6 +88,7 @@ Patch98: krb5-1.7.1-kpasswd_ccache.patch Patch99: krb5-1.7.1-kpasswd_ipv6.patch Patch100: 2010-002-1.7-patch.txt Patch101: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt +Patch102: krb5-CVE-2010-1321-1.7.1.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -226,6 +227,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Tue May 18 2010 Nalin Dahyabhai <nalin@redhat.com> 1.7.1-10 +- add patch to correct GSSAPI library null pointer dereference which could be + triggered by malformed client requests (CVE-2010-1321, #582466) + * Tue May 4 2010 Nalin Dahyabhai <nalin@redhat.com> 1.7.1-9 - fix output of kprop's init script's "status" and "reload" commands (#588222) @@ -1625,6 +1630,7 @@ popd %patch99 -p0 -b .kpasswd-ipv6 %patch100 -p0 -b .2010-002 %patch101 -p1 -b .2010-004 +%patch102 -p1 -b .CVE-2010-1321 gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex |