Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-09-28 19:56:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2014-09-03 20:09:20.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-09-28 19:56:39.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Sep 23 13:25:33 UTC 2014 - [email protected] + +- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal +- added patches: + * bnc#897874-CVE-2014-5351.diff +------------------------------------------------------------------- New: ---- bnc#897874-CVE-2014-5351.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.AjAvvf/_old 2014-09-28 19:56:41.000000000 +0200 +++ /var/tmp/diff_new_pack.AjAvvf/_new 2014-09-28 19:56:41.000000000 +0200 @@ -83,6 +83,7 @@ Patch13: krb5-1.9-debuginfo.patch Patch14: krb5-kvno-230379.patch Patch20: krb5-1.12-doxygen.patch +Patch21: bnc#897874-CVE-2014-5351.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -203,6 +204,7 @@ %patch13 -p0 %patch14 -p1 %patch20 -p1 +%patch21 -p1 %build # needs to be re-generated ++++++ bnc#897874-CVE-2014-5351.diff ++++++ diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 5d358bd..d4e74cc 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -344,6 +344,20 @@ check_1_6_dummy(kadm5_principal_ent_t entry, long mask, *passptr = NULL; } +/* Return the number of keys with the newest kvno. Assumes that all key data + * with the newest kvno are at the front of the key data array. */ +static int +count_new_keys(int n_key_data, krb5_key_data *key_data) +{ + int n; + + for (n = 1; n < n_key_data; n++) { + if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno) + return n; + } + return n_key_data; +} + kadm5_ret_t kadm5_create_principal(void *server_handle, kadm5_principal_ent_t entry, long mask, @@ -1593,7 +1607,7 @@ kadm5_randkey_principal_3(void *server_handle, osa_princ_ent_rec adb; krb5_int32 now; kadm5_policy_ent_rec pol; - int ret, last_pwd; + int ret, last_pwd, n_new_keys; krb5_boolean have_pol = FALSE; kadm5_server_handle_t handle = server_handle; krb5_keyblock *act_mkey; @@ -1686,8 +1700,9 @@ kadm5_randkey_principal_3(void *server_handle, kdb->fail_auth_count = 0; if (keyblocks) { - ret = decrypt_key_data(handle->context, - kdb->n_key_data, kdb->key_data, + /* Return only the new keys added by krb5_dbe_crk. */ + n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data); + ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data, keyblocks, n_keys); if (ret) goto done; -- 1.8.5.2 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
