From URL:

Vulnerability type: Buffer overflow
Versions affected: All versions prior to 4.8
Versions fixed: 4.9 and later
Discovered: 2020-03-02
Public announcement: 2009-03-30
CVE ID: CVE-2020-10595

During a refactor of my pam-krb5 Kerberos PAM module, I discovered a single byte buffer overflow that had been there since either the first version of the module or very early in its development. During prompting initiated by the Kerberos library, an attacker who enters a response exactly as long as the length of the buffer provided by the underlying Kerberos library will cause pam-krb5 to write a single nul byte past the end of that buffer.

----

See URL for more info.
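The off-by-one described in the advisory above, modelled as an added example (this is not pam-krb5's code and does not reproduce its real data structures or the Kerberos prompter API): a hypothetical `reply_slot` with a data pointer and a length stands in for the buffer the Kerberos library hands the module, `copy_reply_vulnerable` uses a bounds check that admits a response exactly as long as the buffer so the terminating nul lands one byte past the end, and `copy_reply_fixed` shows the corrected check. A canary byte placed immediately after the buffer reports which variant clobbers it.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical model of a prompter reply slot: the library provides a fixed
 * buffer (data) of a given size (length) for the user's answer. This mirrors
 * the shape the advisory describes, not pam-krb5's real structures. */
struct reply_slot {
    char *data;
    size_t length;
};

/* Vulnerable copy: the check lets a response whose length equals the buffer
 * size through, so the nul terminator is written at data[length], one byte
 * past the end of the buffer. */
int copy_reply_vulnerable(struct reply_slot *slot, const char *answer)
{
    size_t len = strlen(answer);
    if (len > slot->length)
        return -1;                       /* only rejects len > length */
    memcpy(slot->data, answer, len + 1); /* len + 1 may equal length + 1 */
    return 0;
}

/* Hardened copy: a response that needs the whole buffer for its payload leaves
 * no room for the terminator and is rejected instead of truncated silently. */
int copy_reply_fixed(struct reply_slot *slot, const char *answer)
{
    size_t len = strlen(answer);
    if (len >= slot->length)
        return -1;
    memcpy(slot->data, answer, len + 1);
    return 0;
}

#define BUF_LEN 8
#define CANARY  0xAA

/* Runs one copy routine against a BUF_LEN buffer that is followed by a canary
 * byte inside the same array (so the demonstration stays within defined
 * behaviour). Returns 1 if the canary was overwritten, 0 if it is intact,
 * -1 if the copy routine rejected the answer. */
int run_with_canary(int (*copy)(struct reply_slot *, const char *),
                    const char *answer)
{
    unsigned char storage[BUF_LEN + 1];
    memset(storage, CANARY, sizeof storage);
    struct reply_slot slot = { (char *)storage, BUF_LEN };
    if (copy(&slot, answer) != 0)
        return -1;
    return storage[BUF_LEN] != CANARY;
}

int main(void)
{
    /* Constructed inputs: exactly BUF_LEN bytes triggers the bug. */
    const char *exact = "12345678";
    const char *short_ok = "1234567";
    printf("vulnerable, exact length : canary clobbered=%d\n",
           run_with_canary(copy_reply_vulnerable, exact));
    printf("fixed, exact length      : result=%d (-1 = rejected)\n",
           run_with_canary(copy_reply_fixed, exact));
    printf("vulnerable, one shorter  : canary clobbered=%d\n",
           run_with_canary(copy_reply_vulnerable, short_ok));
    printf("fixed, one shorter       : canary clobbered=%d\n",
           run_with_canary(copy_reply_fixed, short_ok));
    return 0;
}
```

The canary lives in the same array as the buffer purely so the example can observe the stray write without undefined behaviour; in a real module the extra nul byte lands in whatever the Kerberos library allocated after its buffer, which is why the advisory counts it as an overflow even though only one byte is written.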
@maintainer(s), please create an appropriate ebuild
*** Bug 711840 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bca9f938e3b08bafcb35c882398c8b130015b08

commit 1bca9f938e3b08bafcb35c882398c8b130015b08
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2020-04-02 08:02:23 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2020-04-02 08:02:23 +0000

    sys-auth/pam_krb5: security bump to 4.9

    Bug: https://bugs.gentoo.org/715606
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 sys-auth/pam_krb5/Manifest            |  1 +
 sys-auth/pam_krb5/pam_krb5-4.9.ebuild | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
@maintainer(s), please advise if ready for stabilisation, or call yourself
Arches, please test and mark stable =sys-auth/pam_krb5-4.9

Target Keywords = ~alpha amd64 arm ~hppa ~ia64 ppc ppc64 ~s390 ~sparc x86
This is an automatic message.

@maintainer(s): I'm getting test-failure(s) (that were already reported) on amd64. If you want the package to pass my CI environment and get stabilized, please carry out the necessary operations to make sure that src_test() won't fail. Thanks.
(In reply to Agostino Sarubbo from comment #6)
> @maintainer(s):
> I'm getting test-failure(s) (that were already reported) on amd64. If you
> want the package to pass my CI environment and got stabilized, please carry
> out the necessary operations to make sure that src_test() won't fail.

Did you have mit-krb5 or heimdal installed when running the tests? I think it is a known problem of test failure when kerberos is not installed.
(In reply to Eray Aslan from comment #7)
> Did you have mit-krb5 or heimdal installed when running the tests? I think
> known problem of test failure when kerberos is not installed.

And I mean configured, not installed, in the above comment. Sorry. The failing test needs a /etc/krb5.conf if I am not mistaken. In other words, tests fail if kerberos is installed but not configured. Anyway, added RESTRICT="test" for now.
amd64 stable
ppc stable
ppc64 stable
x86 stable
arm stable. Maintainer(s), please cleanup. Security, please vote.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=311371918f8e7165027abb59e413f1d53033e926

commit 311371918f8e7165027abb59e413f1d53033e926
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2020-04-15 16:55:52 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2020-04-15 16:55:52 +0000

    sys-auth/pam_krb5: remove vulnerable

    Bug: https://bugs.gentoo.org/715606
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 sys-auth/pam_krb5/Manifest            |  2 --
 sys-auth/pam_krb5/pam_krb5-4.6.ebuild | 34 ----------------------------------
 sys-auth/pam_krb5/pam_krb5-4.7.ebuild | 35 -----------------------------------
 3 files changed, 71 deletions(-)
hppa stable
sparc stable