CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
@eras, could you bump to 1.19.2? thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77d11611eb26edc2cbe27fe6ce33b69d151f0c7

commit c77d11611eb26edc2cbe27fe6ce33b69d151f0c7
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2021-07-28 15:48:13 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2021-07-28 15:48:13 +0000

    app-crypt/mit-krb5: security bump to 1.19.2

    Bug: https://bugs.gentoo.org/803434
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/mit-krb5/Manifest               |   1 +
 app-crypt/mit-krb5/mit-krb5-1.19.2.ebuild | 161 ++++++++++++++++++++++++++++++
 2 files changed, 162 insertions(+)
sparc stable
Thanks eras!
amd64 stable
ppc stable
ppc64 stable
x86 done
arm done
hppa done
arm64 done

all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98dc35e8c0f276aa167465b5e7636e8a975beaed

commit 98dc35e8c0f276aa167465b5e7636e8a975beaed
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2021-08-02 10:35:50 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2021-08-02 10:35:50 +0000

    app-crypt/mit-krb5: cleanup

    Bug: https://bugs.gentoo.org/803434
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/mit-krb5/Manifest                        |   3 -
 app-crypt/mit-krb5/files/CVE-2020-28196.patch      |  71 ---------
 .../files/mit-krb5-1.18.2-autoconf-2.70.patch      |  35 -----
 .../mit-krb5/files/mit-krb5_dont_create_run.patch  |  10 --
 app-crypt/mit-krb5/mit-krb5-1.18.2-r4.ebuild       | 166 ---------------------
 app-crypt/mit-krb5/mit-krb5-1.18.3-r2.ebuild       | 164 --------------------
 app-crypt/mit-krb5/mit-krb5-1.19.1-r1.ebuild       | 161 --------------------
 7 files changed, 610 deletions(-)
Unable to check for sanity:

> no match for package: app-crypt/mit-krb5-1.19.2