This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
ef2993cbd0
commit
fb489c895a
21
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
Normal file
21
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
Normal file
@ -0,0 +1,21 @@
|
||||
--- src/lib/rpc/svc.c
|
||||
+++ src/lib/rpc/svc.c 2006/12/05 10:03:35
|
||||
@@ -437,6 +437,8 @@
|
||||
#endif
|
||||
}
|
||||
|
||||
+extern struct svc_auth_ops svc_auth_gss_ops;
|
||||
+
|
||||
static void
|
||||
svc_do_xprt(SVCXPRT *xprt)
|
||||
{
|
||||
@@ -518,6 +520,9 @@
|
||||
if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
|
||||
SVC_DESTROY(xprt);
|
||||
break;
|
||||
+ } else if ((xprt->xp_auth != NULL) &&
|
||||
+ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
|
||||
+ xprt->xp_auth = NULL;
|
||||
}
|
||||
} while (stat == XPRT_MOREREQS);
|
||||
|
||||
1530
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
Normal file
1530
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
Normal file
File diff suppressed because it is too large
Load Diff
@ -13,7 +13,7 @@
|
||||
Name: krb5-doc
|
||||
BuildRequires: ghostscript-library latex2html te_ams
|
||||
Version: 1.5.1
|
||||
Release: 35
|
||||
Release: 39
|
||||
%define srcRoot krb5-1.5.1
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
License: X11/MIT
|
||||
|
||||
14
krb5.changes
14
krb5.changes
@ -1,7 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 10 11:16:30 CET 2007 - mc@suse.de
|
||||
|
||||
- fix for
|
||||
kadmind (via RPC library) calls uninitialized function pointer
|
||||
(CVE-2006-6143)(Bug #225990)
|
||||
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
|
||||
- fix for
|
||||
kadmind (via GSS-API mechglue) frees uninitialized pointers
|
||||
(CVE-2006-6144)(Bug #225992)
|
||||
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
|
||||
|
||||
- Fix Requires in krb5-devel
|
||||
- Fix Requires in krb5-devel
|
||||
[Bug #231008]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
||||
15
krb5.spec
15
krb5.spec
@ -12,7 +12,7 @@
|
||||
|
||||
Name: krb5
|
||||
Version: 1.5.1
|
||||
Release: 26
|
||||
Release: 28
|
||||
BuildRequires: libcom_err
|
||||
%define srcRoot krb5-1.5.1
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
@ -31,6 +31,8 @@ Source4: EncryptWithMasterKey.c
|
||||
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
|
||||
Patch2: krb5-1.4-compile_pie.dif
|
||||
Patch3: krb5-1.4-fix-segfault.dif
|
||||
Patch4: krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
|
||||
Patch5: krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
|
||||
Patch6: trunk-EncryptWithMasterKey.dif
|
||||
Patch12: warning-fix-util-support.dif
|
||||
Patch14: warning-fix-lib-crypto-des.dif
|
||||
@ -176,6 +178,8 @@ fi
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3
|
||||
%patch4
|
||||
%patch5
|
||||
%patch6
|
||||
cd %{_builddir}/%{srcRoot}/src
|
||||
%patch12
|
||||
@ -480,6 +484,15 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/krb5-config.1*
|
||||
|
||||
%changelog -n krb5
|
||||
* Wed Jan 10 2007 - mc@suse.de
|
||||
- fix for
|
||||
kadmind (via RPC library) calls uninitialized function pointer
|
||||
(CVE-2006-6143)(Bug #225990)
|
||||
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
|
||||
- fix for
|
||||
kadmind (via GSS-API mechglue) frees uninitialized pointers
|
||||
(CVE-2006-6144)(Bug #225992)
|
||||
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
|
||||
* Tue Jan 02 2007 - mc@suse.de
|
||||
- Fix Requires in krb5-devel
|
||||
[Bug #231008]
|
||||
|
||||
Loading…
Reference in New Issue
Block a user