diff options
| author |   Yi Zhao <yi.zhao@windriver.com> | 2021-09-06 14:32:53 +0800 |
|---|---|---|
| committer |   Armin Kuster <akuster@mvista.com> | 2021-09-10 13:23:06 -0700 |
| commit | 06d80777f47891ec876b55212790deb5fef9116e (patch) | |
| tree | 52c29f0f9737d5c9490c5fdebc32e27ad4881cf2 /meta-networking | |
| parent | 892b724cd147de92dd806235e22c15516931ea64 (diff) | |
| download | meta-openembedded-contrib-06d80777f47891ec876b55212790deb5fef9116e.tar.gz | |
krb5: fix CVE-2021-36222
Source: https://git.openembedded.org/meta-openembedded
MR: 112165
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1
ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421
Description:
CVE-2021-36222:
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC)
in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2
allows remote attackers to cause a NULL pointer dereference and daemon
crash. This occurs because a return value is not properly managed in a
certain situation.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
Patches from:
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 523f6d834d2fddb0ecc73c6d7d8b1845f65f5279)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta-networking')
0 files changed, 0 insertions, 0 deletions