Summary: | <app-crypt/mit-krb5-appl-1.0.2-r1 : telnetd Buffer Overflow Vulnerability (CVE-2011-4862) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Eray Aslan <eras> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kerberos |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Eray Aslan
2011-12-26 21:36:48 UTC
```
+*mit-krb5-appl-1.0.2-r1 (26 Dec 2011)
+
+  26 Dec 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-appl-1.0.2-r1.ebuild,
+  +files/CVE-2011-4862.patch:
+  security bump - bug #396137
```

@security: Please stabilize =app-crypt/mit-krb5-appl-1.0.2-r1. Thank you.

---

Thanks Eray.

Arches, please test and mark stable: =app-crypt/mit-krb5-appl-1.0.2-r1

Target keywords: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

---

@Eras, missing sys-libs/e2fsprogs-libs and sys-libs/ncurses as RDEPEND.

---

amd64 stable

---

(In reply to comment #3)
> @Eras, missing sys-libs/e2fsprogs-libs and sys-libs/ncurses as RDEPEND.

Indeed. Added. Thank you.

---

ppc/ppc64 done

---

Stable for HPPA.

---

CVE-2011-4862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4862): Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, and Heimdal 1.5.1 and earlier allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

---

x86 stable

---

alpha/arm/ia64/m68k/s390/sh/sparc stable

---

Thanks, everyone. Filed GLSA request.

---

This issue was resolved and addressed in GLSA 201201-14 at http://security.gentoo.org/glsa/glsa-201201-14.xml by GLSA coordinator Sean Amoss (ackle).