Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package krb5 for openSUSE:Factory checked in 
at 2026-07-02 20:06:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/krb5 (Old)
 and      /work/SRC/openSUSE:Factory/.krb5.new.1982 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "krb5"

Thu Jul  2 20:06:03 2026 rev:183 rq:1362600 version:1.22.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes   2026-05-08 16:42:33.298155604 +0200
+++ /work/SRC/openSUSE:Factory/.krb5.new.1982/krb5-mini.changes 2026-07-02 20:06:33.291361760 +0200
@@ -1,0 +2,7 @@
+Mon Jun 29 06:25:23 UTC 2026 - Samuel Cabrero <[email protected]>
+
+- Prevent read overrun in kdb-ldap:
+  * CVE-2026-11850, bsc#1268131
+- Add patch 0013-Prevent-read-overrun-in-libkdb_ldap.patch
+
+-------------------------------------------------------------------
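Review bot: the changes entry names the CVE and the bug id but not where the patch comes from; the patch header further down identifies it as upstream commit 2a5fd83d4436583f2ddc0e193269a4d800ee45c4 (krb5 ticket 9206, tagged pullup), so noting "upstream commit 2a5fd83d" next to the patch name lets a reviewer tell a backport from a distro-local fix at a glance.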
krb5.changes: same change

New:
----
  0013-Prevent-read-overrun-in-libkdb_ldap.patch


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ krb5-mini.spec ++++++
--- /var/tmp/diff_new_pack.1CuyRA/_old  2026-07-02 20:06:35.587440870 +0200
+++ /var/tmp/diff_new_pack.1CuyRA/_new  2026-07-02 20:06:35.587440870 +0200
@@ -49,6 +49,7 @@
 Patch10:        0010-Fix-strchr-conformance-to-C23.patch
 Patch11:        0011-autoconf-2.73-compatibility.patch
 Patch12:        0012-Fix-two-NegoEx-parsing-vulnerabilities.patch
+Patch13:        0013-Prevent-read-overrun-in-libkdb_ldap.patch
 BuildRequires:  autoconf
 BuildRequires:  bison
 BuildRequires:  pkgconfig
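Review bot: the hunk adds the Patch13 declaration but shows no corresponding application line. If this spec applies patches with %autosetup or %autopatch that is sufficient; otherwise a `%patch13 -p1` line in %prep (matching how Patch10 through Patch12 are applied) is needed, or the patch is declared but never applied and the build still ships the vulnerable berval2tl_data(). Worth confirming in both krb5-mini.spec and krb5.spec, since the mail states the latter carries the same change.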

krb5.spec: same change
++++++ 0013-Prevent-read-overrun-in-libkdb_ldap.patch ++++++
>From 2a5fd83d4436583f2ddc0e193269a4d800ee45c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebasti=C3=A1n=20Alba?= <[email protected]>
Date: Wed, 8 Apr 2026 18:32:25 -0400
Subject: [PATCH] Prevent read overrun in libkdb_ldap

In berval2tl_data(), reject inputs of length less than 2 to prevent an
integer underflow and subsequent read overrun.  (The security impact
is negligible as the attacker would have to control the KDB LDAP
server.)

[[email protected]: wrote commit message]

ticket: 9206 (new)
tags: pullup
target_version: 1.22-next
---
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 418d253d1..9aa68bacd 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -80,6 +80,9 @@ getstringtime(krb5_timestamp);
 krb5_error_code
 berval2tl_data(struct berval *in, krb5_tl_data **out)
 {
+    if (in->bv_len < 2)
+        return EINVAL;
+
     *out = (krb5_tl_data *) malloc (sizeof (krb5_tl_data));
     if (*out == NULL)
         return ENOMEM;
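Review bot: the new guard at the top of berval2tl_data() rejects bv_len < 2 with EINVAL, but nothing in the code says why 2 is the threshold; the rationale (a later unsigned subtraction of 2 from bv_len that would otherwise wrap and drive a read overrun) lives only in the commit message. Suggest a one-line comment above the check, e.g. `/* Need at least the 2-byte prefix so bv_len - 2 cannot underflow. */`. Placing the check before the malloc is the right choice, since the early return then has nothing to free.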
-- 
2.54.0
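The underflow the commit message describes, as an added example that is not krb5 code: `struct berval`, the stand-in `tl_data` record and the assumption that the first two bytes of the value are a type prefix are constructed here to mirror the patch, not taken from libkdb_ldap.

```c
/* Added example, not krb5 code: shows why berval2tl_data() must reject
 * bv_len < 2 before subtracting the 2-byte prefix from an unsigned length. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct berval {              /* constructed stand-in for the LDAP type */
    size_t bv_len;           /* unsigned, like ber_len_t */
    char  *bv_val;
};

struct tl_data {             /* constructed stand-in for krb5_tl_data */
    uint16_t      type;
    size_t        length;
    unsigned char contents[16];
};

/* Pre-fix arithmetic: with bv_len of 0 or 1 the unsigned subtraction
 * wraps to a huge value, which a following memcpy would read past the buffer. */
size_t unguarded_payload_len(const struct berval *in)
{
    return in->bv_len - 2;
}

/* Post-fix parse: reject inputs shorter than the prefix first, then bound the
 * payload against the destination before copying anything (assumed layout:
 * 2-byte big-endian type, then payload). */
int guarded_berval2tl(const struct berval *in, struct tl_data *out)
{
    if (in->bv_len < 2)
        return EINVAL;                       /* the check added by the patch */
    out->length = in->bv_len - 2;            /* now cannot underflow */
    if (out->length > sizeof out->contents)
        return EINVAL;                       /* too large for this stand-in */
    out->type = (uint16_t)(((unsigned char)in->bv_val[0] << 8) |
                           (unsigned char)in->bv_val[1]);
    memcpy(out->contents, in->bv_val + 2, out->length);
    return 0;
}
```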
