From b83e316992be57cb1bc29dff6f9e711d2528eba9498cbed4b533c84686290e3c Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Wed, 19 May 2010 12:28:19 +0000 Subject: [PATCH 1/3] - fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=23 --- krb5-MITKRB5-SA-2010-005.dif | 18 ++++++++++++++++++ krb5-mini.changes | 6 ++++++ krb5-mini.spec | 4 +++- krb5.changes | 6 ++++++ krb5.spec | 2 ++ 5 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 krb5-MITKRB5-SA-2010-005.dif diff --git a/krb5-MITKRB5-SA-2010-005.dif b/krb5-MITKRB5-SA-2010-005.dif new file mode 100644 index 0000000..1cceed7 --- /dev/null +++ b/krb5-MITKRB5-SA-2010-005.dif @@ -0,0 +1,18 @@ +Index: krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c +=================================================================== +--- krb5-1.8.1.orig/src/lib/gssapi/krb5/accept_sec_context.c ++++ krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c +@@ -647,6 +647,13 @@ kg_accept_krb5(minor_status, context_han + goto fail; + } + ++ if (authdat->checksum == NULL) { ++ /* missing checksum counts as "inappropriate type" */ ++ code = KRB5KRB_AP_ERR_INAPP_CKSUM; ++ major_status = GSS_S_FAILURE; ++ goto fail; ++ } ++ + /* verify that the checksum is correct */ + + /* diff --git a/krb5-mini.changes b/krb5-mini.changes index 32d8015..6fc48ec 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed May 19 14:27:19 CEST 2010 - mc@suse.de + +- fix GSS-API library null pointer dereference + CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) + ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de diff --git a/krb5-mini.spec b/krb5-mini.spec index 6162c53..36b5478 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5-mini (Version 1.8.1) +# spec file for package krb5 (Version 1.8.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -56,6 +56,7 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif +Patch10: krb5-MITKRB5-SA-2010-005.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -204,6 +205,7 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do diff --git a/krb5.changes b/krb5.changes index 32d8015..6fc48ec 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed May 19 14:27:19 CEST 2010 - mc@suse.de + +- fix GSS-API library null pointer dereference + CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) + ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index b0de780..376f339 100644 --- a/krb5.spec +++ b/krb5.spec @@ -56,6 +56,7 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif +Patch10: krb5-MITKRB5-SA-2010-005.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -204,6 +205,7 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do From 3631c963d5d69d7e27c885208f268cfbc9f424eca662652f4411469344dbed8d Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 25 May 2010 08:35:35 +0000 Subject: [PATCH 2/3] Accepting request 40365 from network checked in (request 40365) OBS-URL: https://build.opensuse.org/request/show/40365 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=24 --- krb5-MITKRB5-SA-2010-005.dif | 18 ------------------ krb5-mini.changes | 6 ------ krb5-mini.spec | 4 +--- krb5.changes | 6 ------ krb5.spec | 2 -- 5 files changed, 1 insertion(+), 35 deletions(-) delete mode 100644 krb5-MITKRB5-SA-2010-005.dif diff --git a/krb5-MITKRB5-SA-2010-005.dif b/krb5-MITKRB5-SA-2010-005.dif deleted file mode 100644 index 1cceed7..0000000 --- a/krb5-MITKRB5-SA-2010-005.dif +++ /dev/null @@ -1,18 +0,0 @@ -Index: krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c -=================================================================== ---- krb5-1.8.1.orig/src/lib/gssapi/krb5/accept_sec_context.c -+++ krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c -@@ -647,6 +647,13 @@ kg_accept_krb5(minor_status, context_han - goto fail; - } - -+ if (authdat->checksum == NULL) { -+ /* missing checksum counts as "inappropriate type" */ -+ code = KRB5KRB_AP_ERR_INAPP_CKSUM; -+ major_status = GSS_S_FAILURE; -+ goto fail; -+ } -+ - /* verify that the checksum is correct */ - - /* diff --git a/krb5-mini.changes b/krb5-mini.changes index 6fc48ec..32d8015 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Wed May 19 14:27:19 CEST 2010 - mc@suse.de - -- fix GSS-API library null pointer dereference - CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) - ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de diff --git a/krb5-mini.spec b/krb5-mini.spec index 36b5478..6162c53 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5 (Version 1.8.1) +# spec file for package krb5-mini (Version 1.8.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -56,7 +56,6 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif -Patch10: krb5-MITKRB5-SA-2010-005.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -205,7 +204,6 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do diff --git a/krb5.changes b/krb5.changes index 6fc48ec..32d8015 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Wed May 19 14:27:19 CEST 2010 - mc@suse.de - -- fix GSS-API library null pointer dereference - CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) - ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index 376f339..b0de780 100644 --- a/krb5.spec +++ b/krb5.spec @@ -56,7 +56,6 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif -Patch10: krb5-MITKRB5-SA-2010-005.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -205,7 +204,6 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do From c773282ebc74cd5cfd631bde22e735b233afade70a418695e26bb833cb52db11 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 25 May 2010 08:35:36 +0000 Subject: [PATCH 3/3] Updating link to change in openSUSE:Factory/krb5 revision 51.0 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=76e7c9e1fc886111a06aa8aebfb6ed24 --- krb5-MITKRB5-SA-2010-005.dif | 18 ++++++++++++++++++ krb5-doc.spec | 2 +- krb5-mini.changes | 6 ++++++ krb5-mini.spec | 4 +++- krb5.changes | 6 ++++++ krb5.spec | 4 +++- 6 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 krb5-MITKRB5-SA-2010-005.dif diff --git a/krb5-MITKRB5-SA-2010-005.dif b/krb5-MITKRB5-SA-2010-005.dif new file mode 100644 index 0000000..1cceed7 --- /dev/null +++ b/krb5-MITKRB5-SA-2010-005.dif @@ -0,0 +1,18 @@ +Index: krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c +=================================================================== +--- krb5-1.8.1.orig/src/lib/gssapi/krb5/accept_sec_context.c ++++ krb5-1.8.1/src/lib/gssapi/krb5/accept_sec_context.c +@@ -647,6 +647,13 @@ kg_accept_krb5(minor_status, context_han + goto fail; + } + ++ if (authdat->checksum == NULL) { ++ /* missing checksum counts as "inappropriate type" */ ++ code = KRB5KRB_AP_ERR_INAPP_CKSUM; ++ major_status = GSS_S_FAILURE; ++ goto fail; ++ } ++ + /* verify that the checksum is correct */ + + /* diff --git a/krb5-doc.spec b/krb5-doc.spec index e7fae99..434bbeb 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -21,7 +21,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive Version: 1.8.1 -Release: 2 +Release: 3 %define srcRoot krb5-1.8.1 Summary: MIT Kerberos5 Implementation--Documentation License: MIT License (or similar) diff --git a/krb5-mini.changes b/krb5-mini.changes index 32d8015..6fc48ec 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed May 19 14:27:19 CEST 2010 - mc@suse.de + +- fix GSS-API library null pointer dereference + CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) + ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de diff --git a/krb5-mini.spec b/krb5-mini.spec index 6162c53..bc1ae48 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 2 +Release: 3 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -56,6 +56,7 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif +Patch10: krb5-MITKRB5-SA-2010-005.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -204,6 +205,7 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do diff --git a/krb5.changes b/krb5.changes index 32d8015..6fc48ec 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed May 19 14:27:19 CEST 2010 - mc@suse.de + +- fix GSS-API library null pointer dereference + CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) + ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index b0de780..7fd6bdc 100644 --- a/krb5.spec +++ b/krb5.spec @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 2 +Release: 3 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -56,6 +56,7 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif +Patch10: krb5-MITKRB5-SA-2010-005.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -204,6 +205,7 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do