Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2026-07-02 20:06:03

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/krb5 (Old)
 and      /work/SRC/openSUSE:Factory/.krb5.new.1982 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Thu Jul 2 20:06:03 2026 rev:183 rq:1362600 version:1.22.2 Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2026-05-08 16:42:33.298155604 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.1982/krb5-mini.changes 2026-07-02 20:06:33.291361760 +0200 @@ -1,0 +2,7 @@ +Mon Jun 29 06:25:23 UTC 2026 - Samuel Cabrero <[email protected]> + +- Prevent read overrun in kdb-ldap: + * CVE-2026-11850, bsc#1268131 +- Add patch 0013-Prevent-read-overrun-in-libkdb_ldap.patch + +------------------------------------------------------------------- krb5.changes: same change New: ---- 0013-Prevent-read-overrun-in-libkdb_ldap.patch ----------(New B)---------- New:/work/SRC/openSUSE:Factory/.krb5.new.1982/krb5-mini.changes- * CVE-2026-11850, bsc#1268131 /work/SRC/openSUSE:Factory/.krb5.new.1982/krb5-mini.changes:- Add patch 0013-Prevent-read-overrun-in-libkdb_ldap.patch /work/SRC/openSUSE:Factory/.krb5.new.1982/krb5-mini.changes- -- /work/SRC/openSUSE:Factory/.krb5.new.1982/krb5.changes- * CVE-2026-11850, bsc#1268131 /work/SRC/openSUSE:Factory/.krb5.new.1982/krb5.changes:- Add patch 0013-Prevent-read-overrun-in-libkdb_ldap.patch /work/SRC/openSUSE:Factory/.krb5.new.1982/krb5.changes- ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.1CuyRA/_old 2026-07-02 20:06:35.587440870 +0200 +++ /var/tmp/diff_new_pack.1CuyRA/_new 2026-07-02 20:06:35.587440870 +0200 @@ -49,6 +49,7 @@ Patch10: 0010-Fix-strchr-conformance-to-C23.patch Patch11: 0011-autoconf-2.73-compatibility.patch Patch12: 0012-Fix-two-NegoEx-parsing-vulnerabilities.patch +Patch13: 0013-Prevent-read-overrun-in-libkdb_ldap.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: pkgconfig krb5.spec: same change ++++++ 0013-Prevent-read-overrun-in-libkdb_ldap.patch ++++++ >From 2a5fd83d4436583f2ddc0e193269a4d800ee45c4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sebasti=C3=A1n=20Alba?= <[email protected]> Date: Wed, 8 Apr 2026 18:32:25 -0400 Subject: [PATCH] Prevent read overrun in libkdb_ldap In berval2tl_data(), reject inputs of length less than 2 to prevent an integer underflow and subsequent read overrun. (The security impact is negligible as the attacker would have to control the KDB LDAP server.) [[email protected]: wrote commit message] ticket: 9206 (new) tags: pullup target_version: 1.22-next --- src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index 418d253d1..9aa68bacd 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -80,6 +80,9 @@ getstringtime(krb5_timestamp); krb5_error_code berval2tl_data(struct berval *in, krb5_tl_data **out) { + if (in->bv_len < 2) + return EINVAL; + *out = (krb5_tl_data *) malloc (sizeof (krb5_tl_data)); if (*out == NULL) return ENOMEM; -- 2.54.0
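Review bot: the new `if (in->bv_len < 2) return EINVAL;` guard in berval2tl_data() is placed before the `malloc (sizeof (krb5_tl_data))`, so the early return cannot leak the allocation and keeps the errno-style convention the function already uses for ENOMEM; the one gap is that the hunk carries no comment explaining why 2 is the minimum, and that reasoning exists only in the commit message ("reject inputs of length less than 2 to prevent an integer underflow and subsequent read overrun"). Suggest a one-line comment directly above the check, e.g. `/* Inputs shorter than 2 bytes would underflow the length computation below. */`, so the constant is not loosened later without the underflow being reconsidered. Since this is tagged for pullup into 1.22-next, a small regression test that passes a zero-length and a one-byte berval through this path and expects EINVAL would make the guard self-documenting and keep it intact across the backport.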
