From b12b5169d70d5a429535bbc6a1567d148295bbc7ec59219891c4ee96e3e1dafa Mon Sep 17 00:00:00 2001
From: Michael Calmer
Date: Wed, 16 Mar 2011 07:59:53 +0000
Subject: [PATCH] - Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284

- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=41
---
 krb5-1.8-MITKRB5-SA-2011-003.dif | 13 +++++++++++++
 krb5-doc.spec | 6 +++---
 krb5-mini.changes | 7 +++++++
 krb5-mini.spec | 8 +++++---
 krb5.changes | 7 +++++++
 krb5.spec | 8 +++++---
 6 files changed, 40 insertions(+), 9 deletions(-)
 create mode 100644 krb5-1.8-MITKRB5-SA-2011-003.dif

diff --git a/krb5-1.8-MITKRB5-SA-2011-003.dif b/krb5-1.8-MITKRB5-SA-2011-003.dif
new file mode 100644
index 0000000..9fe77e2
--- /dev/null
+++ b/krb5-1.8-MITKRB5-SA-2011-003.dif
@@ -0,0 +1,13 @@
+Index: krb5-1.8.1/src/kdc/do_as_req.c
+===================================================================
+--- krb5-1.8.1.orig/src/kdc/do_as_req.c
++++ krb5-1.8.1/src/kdc/do_as_req.c
+@@ -784,6 +784,8 @@ prepare_error_as (struct kdc_request_sta
+ pad->contents = td[size]->data;
+ pad->length = td[size]->length;
+ pa[size] = pad;
++ td[size]->data = NULL;
++ td[size]->length = 0;
+ }
+ krb5_free_typed_data(kdc_context, td);
+ }
diff --git a/krb5-doc.spec b/krb5-doc.spec
index 8f1981d..6852da8 100644
--- a/krb5-doc.spec
+++ b/krb5-doc.spec
@@ -1,7 +1,7 @@
 #
-# spec file for package krb5-doc (Version 1.8.3)
+# spec file for package krb5-doc
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
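Review bot: The two added assignments in prepare_error_as move ownership of the buffer from `td[size]` to `pad` without saying so, and that invariant is the entire fix for the double free, so it should be recorded above them: `/* pad now owns the buffer; clear td[size] so krb5_free_typed_data() below does not free it again */`. The loop header and the allocation of `pad` lie outside the hunk, so it is not visible from here whether every exit from the loop leaves each buffer with exactly one owner; that is worth confirming against the full function. The `.dif` was cut against `krb5-1.8.1/` paths while the specs build 1.8.3, which `-p1` tolerates, but it would be prudent to check that the hunk at line 784 applies without fuzz so the two lines land inside the intended loop.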
@@ -21,7 +21,7 @@
 Name: krb5-doc
 BuildRequires: ghostscript-library latex2html texlive
 Version: 1.8.3
-Release: 3
+Release: 4
 %define srcRoot krb5-1.8.3
 Summary: MIT Kerberos5 Implementation--Documentation
 License: MIT License (or similar)
diff --git a/krb5-mini.changes b/krb5-mini.changes
index b33a758..d830641 100644
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar 1 12:43:22 CET 2011 - mc@suse.de
+
+- Fix vulnerability to a double-free condition in KDC daemon
+ (MITKRB5-SA-2011-003, bnc#671717)
+ CVE-2011-0284
+
 -------------------------------------------------------------------
 Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
 
diff --git a/krb5-mini.spec b/krb5-mini.spec
index fd29d8c..98224bb 100644
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@@ -1,7 +1,7 @@
 #
-# spec file for package krb5 (Version 1.8.3)
+# spec file for package krb5
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/
 BuildRequires: bison libcom_err-devel ncurses-devel
 BuildRequires: keyutils keyutils-devel
 Version: 1.8.3
-Release: 3
+Release: 4
 %if ! 0%{?build_mini}
 BuildRequires: libopenssl-devel openldap2-devel
 # bug437293
@@ -59,6 +59,7 @@ Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 Patch13: MITKRB5-SA-2010-007-1.8.dif
 Patch14: krb5-1.8-MITKRB5-SA-2011-001.dif
 Patch15: krb5-1.8-MITKRB5-SA-2011-002.dif
+Patch16: krb5-1.8-MITKRB5-SA-2011-003.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -210,6 +211,7 @@ Authors:
 %patch13 -p1
 %patch14 -p1
 %patch15 -p0
+%patch16 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
diff --git a/krb5.changes b/krb5.changes
index b33a758..d830641 100644
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar 1 12:43:22 CET 2011 - mc@suse.de
+
+- Fix vulnerability to a double-free condition in KDC daemon
+ (MITKRB5-SA-2011-003, bnc#671717)
+ CVE-2011-0284
+
 -------------------------------------------------------------------
 Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
 
diff --git a/krb5.spec b/krb5.spec
index 6f01b6f..0d32498 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -1,7 +1,7 @@
 #
-# spec file for package krb5 (Version 1.8.3)
+# spec file for package krb5
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/
 BuildRequires: bison libcom_err-devel ncurses-devel
 BuildRequires: keyutils keyutils-devel
 Version: 1.8.3
-Release: 3
+Release: 4
 %if ! 0%{?build_mini}
 BuildRequires: libopenssl-devel openldap2-devel
 # bug437293
@@ -59,6 +59,7 @@ Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
 Patch13: MITKRB5-SA-2010-007-1.8.dif
 Patch14: krb5-1.8-MITKRB5-SA-2011-001.dif
 Patch15: krb5-1.8-MITKRB5-SA-2011-002.dif
+Patch16: krb5-1.8-MITKRB5-SA-2011-003.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -210,6 +211,7 @@ Authors:
 %patch13 -p1
 %patch14 -p1
 %patch15 -p0
+%patch16 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do