Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-08-20 17:53:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-08-06 11:42:17.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-08-20 17:53:42.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Aug 8 15:55:01 UTC 2014 - [email protected] + +- buffer overrun in kadmind with LDAP backend + CVE-2014-4345 (bnc#891082) + krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch + +------------------------------------------------------------------- krb5.changes: same change New: ---- krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.zcOpXr/_old 2014-08-20 17:53:44.000000000 +0200 +++ /var/tmp/diff_new_pack.zcOpXr/_new 2014-08-20 17:53:44.000000000 +0200 @@ -86,6 +86,7 @@ Patch16: krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch Patch17: krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Patch18: krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch +Patch19: krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -209,6 +210,7 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p1 %build # needs to be re-generated ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.zcOpXr/_old 2014-08-20 17:53:44.000000000 +0200 +++ /var/tmp/diff_new_pack.zcOpXr/_new 2014-08-20 17:53:44.000000000 +0200 
@@ -86,6 +86,7 @@ Patch16: krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch Patch17: krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Patch18: krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch +Patch19: krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -209,6 +210,7 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p1 %build # needs to be re-generated ++++++ krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch ++++++ diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index ce851ea..df5934c 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data, j++; last = i + 1; - currkvno = key_data[i].key_data_kvno; + if (i < n_key_data - 1) + currkvno = key_data[i + 1].key_data_kvno; } } ret[num_versions] = NULL; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
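Review bot: The new patch file krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch starts directly at its "diff --git" line, with no header recording where the fix came from or what it changes. The only context is in the .changes entry (CVE-2014-4345, bnc#891082). Suggest adding a short header to the patch file with the origin of the fix and a one-sentence description, so the Patch19 / "%patch19 -p1" lines added identically to krb5-mini.spec and krb5.spec can be audited, or dropped on a later version update, without consulting the changelog.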
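Review bot: In the krb5_encode_krbsecretkey hunk of ldap_principal2.c, the new guard "if (i < n_key_data - 1)" keeps the read of key_data[i + 1] in bounds, but the code does not say why currkvno must now come from the next entry instead of key_data[i]. Suggest a one-line comment above the assignment stating the invariant that currkvno is the kvno of the run beginning at index "last". The same branch increments j, and the array is terminated with "ret[num_versions] = NULL", so the safety of the writes depends on num_versions being counted with the same kvno-change rule. That computation and the allocation of ret are outside the visible context, so please confirm they agree with the new assignment. A regression test with key data spanning several kvnos would cover this.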
