| Summary: | <app-crypt/mit-krb5-1.11.4 : multi-realm KDC null dereference leads to crash (CVE-2013-1418) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | kerberos |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1026942 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-11-07 08:30:08 UTC

+*mit-krb5-1.11.4 (09 Nov 2013) + + 09 Nov 2013; Eray Aslan <eras@gentoo.org> +mit-krb5-1.11.4.ebuild: + Security bump - bug #490668 +

@security: Please stabilise =app-crypt/mit-krb5-1.11.4. Thank you.

Arches, please test and mark stable: =app-crypt/mit-krb5-1.11.4 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Stable for HPPA.

ia64 stable

ppc stable

ppc64 stable

alpha stable

x86 stable

amd64 stable

arm stable

sparc stable. Maintainer(s), please cleanup. Security, please vote.

Maintainer(s), thank you for cleanup.

Added to existing request.

CVE-2013-1418 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1418): The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

GLSA vote: yes.

Whoops, didn't see that I had already added this. Fail.

This issue was resolved and addressed in GLSA 201312-12 at http://security.gentoo.org/glsa/glsa-201312-12.xml by GLSA coordinator Sergey Popov (pinkbyte).