Bug 322709 (CVE-2010-1321) - <app-crypt/heimdal-1.3.3: GSS-API checksum [CVE-2010-1321] and NULL pointer dereference error
Status: RESOLVED FIXED
Alias: CVE-2010-1321
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 323893
Blocks:
Reported: 2010-06-04 06:12 UTC by Eray Aslan
Modified: 2011-01-03 20:47 UTC


Attachments
heimdal and sys-libs/db-5.0 compatibility patch (heimdal_db5.patch, 923 bytes, text/plain)
2010-06-04 06:17 UTC, Eray Aslan
heimdal_testsuite.patch (heimdal_testsuite.patch, 11.65 KB, text/plain)
2010-06-04 06:18 UTC, Eray Aslan
heimdal_testsuite_extra.patch (heimdal_testsuite_extra.patch, 2.29 KB, text/plain)
2010-06-04 06:18 UTC, Eray Aslan
heimdal_disable-check-iprop.patch (heimdal_disable-check-iprop.patch, 577 bytes, text/plain)
2010-06-04 06:19 UTC, Eray Aslan
heimdal-1.3.3.ebuild (heimdal-1.3.3.ebuild, 2.65 KB, text/plain)
2010-06-04 06:27 UTC, Eray Aslan
new and improved (not really, but still this one feels better) (heimdal_testsuite_extra.patch, 2.30 KB, text/plain)
2010-06-05 06:39 UTC, Eray Aslan
heimdal-1.3.3.ebuild (heimdal-1.3.3.ebuild, 2.93 KB, text/plain)
2010-06-06 05:12 UTC, Eray Aslan

Description Eray Aslan gentoo-dev 2010-06-04 06:12:43 UTC
Release Notes - Heimdal - Version Heimdal 1.3.3

Bug fixes

 - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
 - Check NULL pointers before dereferencing them [kdc]
 - Bug fixes

Two of the fixes are for security-related bugs and an upgrade is in order.

Reproducible: Always
Comment 1 Eray Aslan gentoo-dev 2010-06-04 06:17:33 UTC
Created attachment 234069
heimdal and sys-libs/db-5.0 compatibility patch
Comment 2 Eray Aslan gentoo-dev 2010-06-04 06:18:21 UTC
Created attachment 234071
heimdal_testsuite.patch
Comment 3 Eray Aslan gentoo-dev 2010-06-04 06:18:52 UTC
Created attachment 234073
heimdal_testsuite_extra.patch
Comment 4 Eray Aslan gentoo-dev 2010-06-04 06:19:13 UTC
Created attachment 234075
heimdal_disable-check-iprop.patch
Comment 5 Eray Aslan gentoo-dev 2010-06-04 06:27:29 UTC
Created attachment 234077
heimdal-1.3.3.ebuild

Changelog:

Version bump - bug #322709. Berkeley DB-5.0 compatibility - bug #319673. Working FEATURES=test.  Ldap schema name changed to hdb.schema to follow upstream.  eautoreconf not necessary.
Comment 6 Eray Aslan gentoo-dev 2010-06-05 06:39:18 UTC
Created attachment 234163
new and improved (not really, but still this one feels better)
Comment 7 Eray Aslan gentoo-dev 2010-06-06 05:12:32 UTC
Created attachment 234275
heimdal-1.3.3.ebuild

ewarn added for schema name change.
Comment 8 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-06-11 16:10:41 UTC
As an improvement for next time, please name patches in the ${P}-<function>.patch syntax. :)

+*heimdal-1.3.3 (11 Jun 2010)
+
+  11 Jun 2010; Jeremy Olexa <darkside@gentoo.org> +files/heimdal_db5.patch,
+  +heimdal-1.3.3.ebuild, +files/heimdal_disable-check-iprop.patch,
+  +files/heimdal_testsuite.patch, +files/heimdal_testsuite_extra.patch:
+  Version bump - security bug #322709. Berkeley DB-5.0 compatibility - bug
+  #319673. Working FEATURES=test. Ldap schema name changed to hdb.schema to
+  follow upstream. eautoreconf not necessary.
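
Review bot: The "Version bump" line of this ChangeLog entry cites security bug #322709 but not the CVE; adding CVE-2010-1321 there would let anyone searching the ChangeLog for the identifier land on the fixing version. The four patches added under files/ (heimdal_db5.patch, heimdal_disable-check-iprop.patch, heimdal_testsuite.patch, heimdal_testsuite_extra.patch) carry no version prefix, so nothing in their names ties them to 1.3.3; renaming them before the next bump would keep later revisions from silently reusing them.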

Leaving open for security team to handle.
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2010-06-13 16:31:57 UTC
arches, please test the following ebuilds and mark stable if possible:

=app-crypt/heimdal-1.3.3
TARGET KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
Comment 10 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-06-14 20:06:15 UTC
x86 stable
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2010-06-21 20:01:35 UTC
Nice to see the test suite is finally working. Stable for HPPA.
Comment 12 Christoph Mende (RETIRED) gentoo-dev 2010-06-23 21:47:18 UTC
amd64 stable
Comment 13 Tobias Klausmann (RETIRED) gentoo-dev 2010-07-11 10:06:33 UTC
Stable on alpha.
Comment 14 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-07-14 15:21:34 UTC
(cleaning my bug queue, Eray can add me to CC for future requests)
Comment 15 Raúl Porcel (RETIRED) gentoo-dev 2010-07-22 19:20:46 UTC
arm/ia64/m68k/s390/sh/sparc stable
Comment 16 Joe Jezak (RETIRED) gentoo-dev 2010-08-11 22:22:23 UTC
Already stable on ppc/ppc64.
Comment 17 Tim Sammut (RETIRED) gentoo-dev 2010-11-20 23:08:03 UTC
GLSA Vote: Yes.
Comment 18 Stefan Behte (RETIRED) gentoo-dev Security 2010-11-21 16:29:59 UTC
Vote: NO, just DoS according to http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
Comment 19 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2011-01-03 20:47:30 UTC
DoS only according to URL above so GLSA Vote: no -> Closing. Feel free to reopen if you disagree.