Hello community,

here is the log from the commit of package krb5 for openSUSE:11.2
checked in at Thu Apr 14 13:57:10 CEST 2011.



--------
--- old-versions/11.2/UPDATES/all/krb5/krb5-mini.changes        2011-03-16 
08:57:38.000000000 +0100
+++ 11.2/krb5/krb5-mini.changes 2011-04-14 13:56:32.765012000 +0200
@@ -1,0 +2,7 @@
+Thu Apr 14 11:16:16 CEST 2011 - [email protected]
+
+- fix kadmind invalid pointer free()
+  (MITKRB5-SA-2011-004, bnc#687469)
+  CVE-2011-0285
+
+-------------------------------------------------------------------
krb5.changes: same change

calling whatdependson for 11.2-i586


New:
----
  krb5-1.7-MITKRB5-SA-2011-004.dif

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ krb5-doc.spec ++++++
--- /var/tmp/diff_new_pack.60AwLE/_old  2011-04-14 13:56:53.000000000 +0200
+++ /var/tmp/diff_new_pack.60AwLE/_new  2011-04-14 13:56:53.000000000 +0200
@@ -21,7 +21,7 @@
 Name:           krb5-doc
 BuildRequires:  ghostscript-library latex2html texlive
 Version:        1.7
-Release:        6.<RELEASE12>
+Release:        6.<RELEASE13>
 %define srcRoot krb5-1.7
 Summary:        MIT Kerberos5 Implementation--Documentation
 License:        MIT License (or similar)

++++++ krb5-mini.spec ++++++
--- /var/tmp/diff_new_pack.60AwLE/_old  2011-04-14 13:56:53.000000000 +0200
+++ /var/tmp/diff_new_pack.60AwLE/_new  2011-04-14 13:56:53.000000000 +0200
@@ -28,7 +28,7 @@
 BuildRequires:  bison libcom_err-devel ncurses-devel
 BuildRequires:  keyutils keyutils-devel
 Version:        1.7
-Release:        6.<RELEASE10>
+Release:        6.<RELEASE11>
 %if ! 0%{?build_mini}
 BuildRequires:  libopenssl-devel openldap2-devel
 # bug437293
@@ -69,6 +69,7 @@
 Patch55:        krb5-1.7-MITKRB5-SA-2011-001.dif
 Patch56:        krb5-1.7-MITKRB5-SA-2011-002.dif
 Patch57:        krb5-1.7-MITKRB5-SA-2011-003.dif
+Patch58:        krb5-1.7-MITKRB5-SA-2011-004.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@@ -276,6 +277,7 @@
 %patch55 -p1
 %patch56 -p1
 %patch57 -p1
+%patch58 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do

++++++ krb5.spec ++++++
--- /var/tmp/diff_new_pack.60AwLE/_old  2011-04-14 13:56:53.000000000 +0200
+++ /var/tmp/diff_new_pack.60AwLE/_new  2011-04-14 13:56:53.000000000 +0200
@@ -28,7 +28,7 @@
 BuildRequires:  bison libcom_err-devel ncurses-devel
 BuildRequires:  keyutils keyutils-devel
 Version:        1.7
-Release:        6.<RELEASE12>
+Release:        6.<RELEASE14>
 %if ! 0%{?build_mini}
 BuildRequires:  libopenssl-devel openldap2-devel
 # bug437293
@@ -69,6 +69,7 @@
 Patch55:        krb5-1.7-MITKRB5-SA-2011-001.dif
 Patch56:        krb5-1.7-MITKRB5-SA-2011-002.dif
 Patch57:        krb5-1.7-MITKRB5-SA-2011-003.dif
+Patch58:        krb5-1.7-MITKRB5-SA-2011-004.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@@ -276,6 +277,7 @@
 %patch55 -p1
 %patch56 -p1
 %patch57 -p1
+%patch58 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do

++++++ krb5-1.7-MITKRB5-SA-2011-004.dif ++++++
Index: krb5-1.7/src/kadmin/server/network.c
===================================================================
--- krb5-1.7.orig/src/kadmin/server/network.c
+++ krb5-1.7/src/kadmin/server/network.c
@@ -1351,6 +1351,10 @@ cleanup:
     if (local_kaddrs != NULL)
        krb5_free_addresses(server_handle->context, local_kaddrs);
 
+    if ((*response)->data == NULL) {
+        free(*response);
+        *response = NULL;
+    }
     krb5_kt_close(server_handle->context, kt);
 
     return ret;
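Review bot: The added check dereferences `*response` without first testing it for NULL. The body above `cleanup:` is outside this hunk, so it is not visible whether every `goto cleanup` happens after `*response` has been allocated. If any path reaches the label earlier (a failed allocation, for instance), the fix for the invalid free becomes a NULL dereference in kadmind. Guarding it as `if (*response != NULL && (*response)->data == NULL) {` keeps the intended behaviour and is safe on every path.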
Index: krb5-1.7/src/kadmin/server/schpw.c
===================================================================
--- krb5-1.7.orig/src/kadmin/server/schpw.c
+++ krb5-1.7/src/kadmin/server/schpw.c
@@ -73,8 +73,13 @@ process_chpw_request(context, server_han
     plen = (*ptr++ & 0xff);
     plen = (plen<<8) | (*ptr++ & 0xff);
 
-    if (plen != req->length)
-       return(KRB5KRB_AP_ERR_MODIFIED);
+    if (plen != req->length) {
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        numresult = KRB5_KPASSWD_MALFORMED;
+        strlcpy(strresult, "Request length was inconsistent",
+                sizeof(strresult));
+        goto chpwfail;
+    }
 
     /* verify version number */
 
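Review bot: The new length-mismatch branch has no comment explaining why it must jump to `chpwfail` instead of returning, so a later cleanup could quietly restore the early return. Going by the changelog entry (invalid pointer free, CVE-2011-0285), the reason appears to be that the reply must be left in a defined state. I would add above the `if` something like `/* Do not return directly: fail through chpwfail so the reply is always left in a defined state for the caller. */`. The `chpwfail` label and the rest of process_chpw_request are outside this hunk, so it is worth confirming that any other direct `return` taken before the reply is populated gets the same treatment.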

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
