Accepting request 64238 from network

Accepted submit request 64238 from user mcalmer

OBS-URL: https://build.opensuse.org/request/show/64238
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=65

krb5-1.8-MITKRB5-SA-2011-003.dif

@@ -0,0 +1,13 @@
+Index: krb5-1.8.1/src/kdc/do_as_req.c
+===================================================================
+--- krb5-1.8.1.orig/src/kdc/do_as_req.c
++++ krb5-1.8.1/src/kdc/do_as_req.c
+@@ -784,6 +784,8 @@ prepare_error_as (struct kdc_request_sta
+                     pad->contents = td[size]->data;
+                     pad->length = td[size]->length;
+                     pa[size] = pad;
++                    td[size]->data = NULL;
++                    td[size]->length = 0;
+                 }
+             krb5_free_typed_data(kdc_context, td);
+         }

krb5-mini.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar  1 12:43:22 CET 2011 - mc@suse.de
+
+- Fix vulnerability to a double-free condition in KDC daemon
+  (MITKRB5-SA-2011-003, bnc#671717)
+  CVE-2011-0284
+
 -------------------------------------------------------------------
 Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
 

krb5-mini.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package krb5-mini
+# spec file for package krb5
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -59,6 +59,7 @@ Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
 Patch13:        MITKRB5-SA-2010-007-1.8.dif
 Patch14:        krb5-1.8-MITKRB5-SA-2011-001.dif
 Patch15:        krb5-1.8-MITKRB5-SA-2011-002.dif
+Patch16:        krb5-1.8-MITKRB5-SA-2011-003.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@@ -210,6 +211,7 @@ Authors:
 %patch13 -p1
 %patch14 -p1
 %patch15 -p0
+%patch16 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do

krb5.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar  1 12:43:22 CET 2011 - mc@suse.de
+
+- Fix vulnerability to a double-free condition in KDC daemon
+  (MITKRB5-SA-2011-003, bnc#671717)
+  CVE-2011-0284
+
 -------------------------------------------------------------------
 Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
 

krb5.spec

@@ -59,6 +59,7 @@ Patch12:        krb5-1.8-MITKRB5-SA-2010-006.dif
 Patch13:        MITKRB5-SA-2010-007-1.8.dif
 Patch14:        krb5-1.8-MITKRB5-SA-2011-001.dif
 Patch15:        krb5-1.8-MITKRB5-SA-2011-002.dif
+Patch16:        krb5-1.8-MITKRB5-SA-2011-003.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils
 PreReq:         %insserv_prereq %fillup_prereq 
@@ -210,6 +211,7 @@ Authors:
 %patch13 -p1
 %patch14 -p1
 %patch15 -p0
+%patch16 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do