rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)

Browse Source
This commit is contained in:
Nalin Dahyabhai 2007-09-04 18:10:23 +00:00
parent 9866e02a96
commit b54c6a0718
3 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CVE-2007-3999.patch Normal file
View File

@ -0,0 +1,19 @@
*** src/lib/rpc/svc_auth_gss.c (revision 20254)
--- src/lib/rpc/svc_auth_gss.c (local)
***************
*** 339,345 ****
oa = &msg->rm_call.cb_cred;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
IXDR_PUT_LONG(buf, oa->oa_length);
! if (oa->oa_length) {
memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
buf += RNDUP(oa->oa_length) / sizeof(int32_t);
}
--- 339,345 ----
oa = &msg->rm_call.cb_cred;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
IXDR_PUT_LONG(buf, oa->oa_length);
! if (oa->oa_length && oa->oa_length <= sizeof(rpchdr)) {
memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
buf += RNDUP(oa->oa_length) / sizeof(int32_t);
}

22
CVE-2007-4000.patch Normal file
View File

@ -0,0 +1,22 @@
*** src/lib/kadm5/srv/svr_policy.c (revision 20254)
--- src/lib/kadm5/srv/svr_policy.c (local)
***************
*** 211,218 ****
if((mask & KADM5_POLICY))
return KADM5_BAD_MASK;
! ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
! if( ret && (cnt==0) )
return KADM5_UNK_POLICY;
if ((mask & KADM5_PW_MAX_LIFE))
--- 211,219 ----
if((mask & KADM5_POLICY))
return KADM5_BAD_MASK;
! if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
! return ret;
! if (cnt != 1)
return KADM5_UNK_POLICY;
if ((mask & KADM5_PW_MAX_LIFE))

9
krb5.spec
View File

@ -14,7 +14,7 @@
Summary: The Kerberos network authentication system. Summary: The Kerberos network authentication system.
Name: krb5 Name: krb5
Version: 1.6.2 Version: 1.6.2
Release: 4%{?dist} Release: 5%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -84,6 +84,8 @@ Patch56: krb5-1.6.2-doublelog.patch
Patch57: krb5-1.6.2-login_chdir.patch Patch57: krb5-1.6.2-login_chdir.patch
Patch58: krb5-1.6.2-key_exp.patch Patch58: krb5-1.6.2-key_exp.patch
Patch59: krb5-kpasswd_tcp.patch Patch59: krb5-kpasswd_tcp.patch
Patch65: CVE-2007-3999.patch
Patch66: CVE-2007-4000.patch
Patch60: krb5-1.6.1-pam.patch Patch60: krb5-1.6.1-pam.patch
Patch61: krb5-trunk-manpaths.patch Patch61: krb5-trunk-manpaths.patch
@ -206,6 +208,9 @@ installed on systems which are meant provide these services.
%endif %endif
%changelog %changelog
* Tue Sep 4 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-5
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
* Sat Aug 25 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-4 * Sat Aug 25 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-4
- cover more cases in labeling files on creation - cover more cases in labeling files on creation
- add missing gawk build dependency - add missing gawk build dependency
@ -1208,6 +1213,8 @@ popd
%patch51 -p0 -b .ldap_init %patch51 -p0 -b .ldap_init
%patch52 -p0 -b .ldap_man %patch52 -p0 -b .ldap_man
%patch53 -p1 -b .nodeplibs %patch53 -p1 -b .nodeplibs
%patch64 -p0 -b .2007-3999
%patch65 -p0 -b .2007-4000
#%patch55 -p1 -b .empty #%patch55 -p1 -b .empty
#%patch56 -p1 -b .doublelog #%patch56 -p1 -b .doublelog
#%patch57 -p1 -b .login_chdir #%patch57 -p1 -b .login_chdir