Summary: | <app-crypt/mit-krb5-1.12.1-r2: two vulnerabilities (CVE-2014-4343) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | minor | CC: | calchan, kerberos | ||||
Priority: | Normal | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | B3 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Agostino Sarubbo
2014-07-24 07:55:46 UTC
+*mit-krb5-1.12.1-r2 (25 Jul 2014) + + 25 Jul 2014; Eray Aslan <eras@gentoo.org> +files/CVE-2014-4343.patch, + +files/CVE-2014-4344.patch, +mit-krb5-1.12.1-r2.ebuild: + Security bump - bug #517936 + Arches, please go ahead and stabilize =app-crypt/mit-krb5-1.12.1-r2. This is a multilib version and will need some dependency stabilization as well. Thanks. Arches, please test and mark stable: =app-crypt/mit-krb5-1.12.1-r2 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 spark x86" Thank you! Created attachment 381726 [details]
build.log for mit-krb5-1.12.1-r2 on x32
The fix breaks building on x32 with:
architecture of input file `builtin/aes/iaesx64.so' is incompatible with i386:x64-32 output
Full build.log attached. Ping me on irc if you need more info.
Denis.
Stable on alpha. amd64 stable x86 stable arm stable Stable for HPPA. ppc stable ppc64 stable ia64 stable sparc stable. Maintainer(s), please cleanup. Security, please vote. Maintainer(s), Thank you for cleanup! GLSA Vote: Yes CVE-2014-4343 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343): Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. Added to existing glsa draft. This issue was resolved and addressed in GLSA 201412-53 at http://security.gentoo.org/glsa/glsa-201412-53.xml by GLSA coordinator Mikle Kolyada (Zlogene). |