Summary: | app-crypt/mit-krb5 buffer overflows in krb5_aname_to_localname | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Dan Margolis (RETIRED) <krispykringle> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt | ||
Whiteboard: | C0 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Dan Margolis (RETIRED)
2004-06-01 18:59:48 UTC
Patch for 1.3.3 available at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt netmon: please apply patch and bump to 1.3.3-r1

kerberos vuln.. who would have ever guessed

Patch has been recently updated at given URL. netmon does not have much time for the moment, so security can apply patch with their blessing. If anyone with commit feels like it...

netmon herd: if you have more disponibilities now to patch this, as no one in the security team stepped up yet... We are getting quite late.

Sorry this took so long; I haven't done any security-related bugs before, but seeing as no one else has worked on this, could everyone please test 1.3.3-r1 which I just put into portage with the suggested patch?

Thank you Jon. Adding all arches for testing: please test and mark app-crypt/mit-krb5-1.3.3-r1 stable.

Stable on alpha.

Stable on sparc.

Stable on hppa.

GLSA drafted: security please review. x86 ppc amd64 please mark stable asap.

sorry for delay, marked arm stable

btw, wtf is this for:

    CFLAGS=`echo ${CFLAGS} | xargs`
    CXXFLAGS=`echo ${CXXFLAGS} | xargs`
    LDFLAGS=`echo ${LDFLAGS} | xargs`

We're getting very late on that one. Other distributions have advisories out since June 2... x86, ppc, amd64: please mark stable so that the GLSA can go out... or report why you can't mark stable.

I have tested this on stable x86 servers and other systems - it works fine. I marked it stable on x86 since I got tired of waiting.

stable on amd64.

Stable on mips yesterday, removing CC.

Eventually marked ppc, sorry but I was busy

This is ready for GLSA publication. ia64, ppc64, s390: don't forget to mark stable to benefit from the GLSA.

glsa 200406-21

1.3.1-r1 marked stable on ppc64