diff options
| author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-04-20 18:26:39 +0000 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-04-20 18:26:39 +0000 |
| commit | 98bc7d7d76cd2bbfc0cb5c11b07e4e11a9ca3571 (patch) | |
| tree | e7f22133cf8b6a69146e28390fac7a0ed10f14a5 | |
| parent | 044f184f7a45bb32d34ec7f0e8586ae12a295ad4 (diff) | |
- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922)krb5-1_8_1-3_fc14
| -rw-r--r-- | 2010-004-patch.txt | 20 | ||||
| -rw-r--r-- | krb5.spec | 7 |
2 files changed, 26 insertions, 1 deletions
diff --git a/2010-004-patch.txt b/2010-004-patch.txt new file mode 100644 index 0000000..bb6261f --- /dev/null +++ b/2010-004-patch.txt @@ -0,0 +1,20 @@ +diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c +index b2f0655..76ca94a 100644 +--- a/src/kdc/do_tgs_req.c ++++ b/src/kdc/do_tgs_req.c +@@ -543,6 +543,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + clear(enc_tkt_reply.flags, TKT_FLG_INVALID); + } + +@@ -554,6 +555,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + + old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime; + @@ -5,7 +5,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.8.1 -Release: 2%{?dist} +Release: 3%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -45,6 +45,7 @@ Patch61: krb5-1.8-manpaths.patch Patch63: krb5-1.8-selinux-label.patch Patch70: krb5-trunk-kpasswd_tcp2.patch Patch71: krb5-1.8-dirsrv-accountlock.patch +Patch72: http://web.mit.edu/kerberos/advisories/2010-004-patch.txt License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -179,6 +180,7 @@ ln -s NOTICE LICENSE %patch59 -p1 -b .kpasswd_tcp #%patch70 -p0 -b .kpasswd_tcp2 %patch71 -p1 -b .dirsrv-accountlock +%patch72 -p1 -b .2010-004 gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex @@ -620,6 +622,9 @@ exit 0 %{_sbindir}/uuserver %changelog +* Tue Apr 20 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.1-3 +- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922) + * Wed Apr 14 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.1-2 - fix a typo in kerberos.ldif |