Summary: | <app-crypt/mit-krb5-1.11.1: PKINIT null pointer deref (CVE-2013-1415) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Eray Aslan <eras> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | kerberos |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://mailman.mit.edu/pipermail/kerberos-announce/2013q1/000142.html | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Eray Aslan
2013-02-22 11:02:53 UTC
+*mit-krb5-1.11.1 (22 Feb 2013) + + 22 Feb 2013; Eray Aslan <eras@gentoo.org> +mit-krb5-1.11.1.ebuild: + Security bump - bug #458712 + @security: We can stabilize =app-crypt/mit-krb5-1.11.1. But please note that a bunch of keywords are missing (see bug #412489). Thanks. As requested by Ago on irc: Arches, please test and mark stable =app-crypt/mit-krb5-1.11.1. Thank you. Target keywords: alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos amd64 stable x86 stable ppc stable ppc64 stable arm stable alpha stable ia64 stable s390 stable sparc stable hppa stable CVE-2013-1415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1415): The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. sh stable Ready for vote, I vote NO. GLSA vote: no. Closing noglsa. |