PKINIT null pointer deref [CVE-2013-1415]

Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a malformed packet causes processing to terminate early, leading to a crash of the KDC process. An attacker would need to have a valid PKINIT certificate or have observed a successful PKINIT authentication, or an unauthenticated attacker could execute the attack if anonymous PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C

This bug has been present since the initial import of PKINIT for 1.6.3; all later releases are affected.
+*mit-krb5-1.11.1 (22 Feb 2013) + + 22 Feb 2013; Eray Aslan <eras@gentoo.org> +mit-krb5-1.11.1.ebuild: + Security bump - bug #458712 + @security: We can stabilize =app-crypt/mit-krb5-1.11.1. But please note that a bunch of keywords are missing (see bug #412489). Thanks.
As requested by Ago on irc:

Arches, please test and mark stable =app-crypt/mit-krb5-1.11.1. Thank you.

Target keywords: alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos
amd64 stable
x86 stable
ppc stable
ppc64 stable
arm stable
alpha stable
ia64 stable
s390 stable
sparc stable
hppa stable
CVE-2013-1415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1415): The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
sh stable
Ready for vote, I vote NO.
GLSA vote: no. Closing noglsa.