diff options
| author |   Wenzong Fan <wenzong.fan@windriver.com> | 2016-09-12 04:55:16 -0400 |
|---|---|---|
| committer |   Andreas Oberritter <obi@opendreambox.org> | 2017-02-16 11:29:17 +0100 |
| commit | fc8fd16b8187f01afee708408c2788316a2a07e0 (patch) | |
| tree | fe552b8ed189dd9bc778c81bca1ebc39ecf119f3 /meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3119.patch | |
| parent | f09c42da28f023b42f8aba0a7c618fe842a9998c (diff) | |
| download | meta-openembedded-contrib-fc8fd16b8187f01afee708408c2788316a2a07e0.tar.gz | |
krb5: upgrade to 1.13.6
* fix CVEs: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
* update LIC_FILES_CHKSUM, only Copyright changed in NOTICE file:
-Copyright (C) 1985-2015 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-2016 by the Massachusetts Institute of Technology.
* remove useless functions: krb5_do_unpack(), do_unpack()
* remove patches that included by new release:
- 0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch
- Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
- Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
- Fix-build_principal-memory-bug-CVE-2015-2697.patch
- Fix-IAKERB-context-export-import-CVE-2015-2698.patch
- krb5-CVE-2016-3119.patch
- krb5-CVE-2016-3120.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 2ed5ad2e40ea29b549c1d39aad70e2e4f7d57b28)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Diffstat (limited to 'meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3119.patch')
| -rw-r--r-- | meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3119.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3119.patch b/meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3119.patch deleted file mode 100644 index 67fefed898..0000000000 --- a/meta-oe/recipes-connectivity/krb5/krb5/krb5-CVE-2016-3119.patch +++ /dev/null @@ -1,36 +0,0 @@ -Subject: kerb: Fix LDAP null deref on empty arg [CVE-2016-3119] -From: Greg Hudson - -In the LDAP KDB module's process_db_args(), strtok_r() may return NULL -if there is an empty string in the db_args array. Check for this case -and avoid dereferencing a null pointer. - -CVE-2016-3119: - -In MIT krb5 1.6 and later, an authenticated attacker with permission -to modify a principal entry can cause kadmind to dereference a null -pointer by supplying an empty DB argument to the modify_principal -command, if kadmind is configured to use the LDAP KDB module. - - CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:ND - -ticket: 8383 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup - -Upstream-Status: Backport - -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> -Index: krb5-1.13.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c -=================================================================== ---- krb5-1.13.2.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2015-05-09 07:27:02.000000000 +0800 -+++ krb5-1.13.2/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2016-04-11 15:17:12.874140518 +0800 -@@ -267,6 +267,7 @@ - if (db_args) { - for (i=0; db_args[i]; ++i) { - arg = strtok_r(db_args[i], "=", &arg_val); -+ arg = (arg != NULL) ? arg : ""; - if (strcmp(arg, TKTPOLICY_ARG) == 0) { - dptr = &xargs->tktpolicydn; - } else { |