| Field | Value |
|---|---|
| Summary | <app-crypt/mit-krb5-1.9.2-r1 DoS (CVE-2011-1530) |
| Product | Gentoo Security |
| Reporter | Paul B. Henson <henson> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| CC | kerberos |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-007.txt |
| Whiteboard | B3 [glsa] |
| Package list | |
| Runtime testing required | --- |
Description
Paul B. Henson
2011-12-06 19:46:11 UTC
```
+*mit-krb5-1.9.2-r1 (07 Dec 2011)
+
+  07 Dec 2011; Eray Aslan <eras@gentoo.org> +mit-krb5-1.9.2-r1.ebuild,
+  +files/CVE-2011-1530.patch:
+  security bump - bug #393429
```

@security: Please stabilize =app-crypt/mit-krb5-1.9.2-r1. Thank you.

Thanks, Eray. Arches, please test and mark stable: =app-crypt/mit-krb5-1.9.2-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

amd64 ok

Stable for HPPA.

x86 stable

alpha/arm/ia64/s390/sh/sparc stable

Stable for AMD64

CVE-2011-1530 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1530):
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.

ppc/ppc64 done

@Security, please proceed to vote. Thanks, folks.

GLSA Vote: yes.

GLSA vote: yes.

Adding to existing request.

This issue was resolved and addressed in GLSA 201201-13 at http://security.gentoo.org/glsa/glsa-201201-13.xml by GLSA coordinator Sean Amoss (ackle).
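The defect class named in the CVE text above, as an added illustration that is not part of this bug report and not MIT krb5's own do_tgs_req.c: a constructed model in which the request handler recognises only the expected lookup error, beside the hardened form that leaves the request path on every non-zero result. All structure names, error codes and the krbtgt sample entry are hypothetical stand-ins.

```c
#include <stddef.h>

/* Constructed model of the error-path defect described in CVE-2011-1530.
 * Every name and value here is a hypothetical stand-in; this is not
 * MIT krb5's do_tgs_req.c, its structures or its error codes. */

/* LOOKUP_NOENTRY plays the role of KRB5_KDB_NOENTRY; LOOKUP_IOERR stands
 * for "any error other than NOENTRY" coming back from the principal lookup. */
enum lookup_err { LOOKUP_OK = 0, LOOKUP_NOENTRY = 1, LOOKUP_IOERR = 2 };

enum tgs_result { TGS_ISSUED = 0, TGS_UNKNOWN_SERVER = 10, TGS_LOOKUP_FAILED = 11 };

struct db_entry { const char *name; int max_life; };

/* Simulated server-principal lookup. forced_err selects the outcome so each
 * handling path can be exercised; on any failure *out is left NULL. */
int lookup_server(enum lookup_err forced_err, struct db_entry **out) {
    static struct db_entry krbtgt = { "krbtgt/EXAMPLE.TEST", 36000 }; /* constructed */
    *out = NULL;
    if (forced_err != LOOKUP_OK)
        return forced_err;
    *out = &krbtgt;
    return LOOKUP_OK;
}

/* Vulnerable pattern: only the expected error is recognised. Any other
 * lookup failure falls through to the dereference of a NULL entry, which
 * is the KDC crash the advisory describes. Do not call with LOOKUP_IOERR. */
int process_tgs_req_vulnerable(enum lookup_err forced_err) {
    struct db_entry *server;
    int err = lookup_server(forced_err, &server);
    if (err == LOOKUP_NOENTRY)
        return TGS_UNKNOWN_SERVER;
    return server->max_life > 0 ? TGS_ISSUED : TGS_LOOKUP_FAILED; /* NULL deref when err != 0 */
}

/* Hardened pattern: every non-zero result leaves the request path before
 * the entry is touched, so no request can reach the dereference. */
int process_tgs_req_fixed(enum lookup_err forced_err) {
    struct db_entry *server;
    int err = lookup_server(forced_err, &server);
    if (err == LOOKUP_NOENTRY)
        return TGS_UNKNOWN_SERVER;
    if (err != LOOKUP_OK || server == NULL)
        return TGS_LOOKUP_FAILED;
    return server->max_life > 0 ? TGS_ISSUED : TGS_LOOKUP_FAILED;
}
```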