Summary: | <app-crypt/mit-krb5-1.16: forged certificate allows improper authorization (CVE-2017-7562) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | kerberos |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1485510 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | app-crypt/mit-krb5-1.16 |
Runtime testing required: | --- |
Description
Aleksandr Wagner (Kivak)
2017-08-25 22:16:24 UTC
This is fixed upstream in mit-krb5-1.16, which was released on 2017-12-05.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4a050c738af81bb82e7b640667f08e3199c5ca1

commit f4a050c738af81bb82e7b640667f08e3199c5ca1
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-01-26 21:07:00 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-01-26 21:07:29 +0000

app-crypt/mit-krb5: bump, fixes CVE-2017-7562

Ebuild changes:
===============
- Dropped the following upstreamed patches which are now included in v1.16:
  - mit-krb5-1.14.2-redeclared-ttyname.patch
  - mit-krb5-1.14.4-disable-nls.patch
  - mit-krb5-1.15.2-fix-pkinit.patch
- We are now installing systemd services. [Bug 524412]
- Tests are now restricted because they are requiring network access.

Closes: https://bugs.gentoo.org/524412
Bug: https://bugs.gentoo.org/628936
Package-Manager: Portage-2.3.20, Repoman-2.3.6

app-crypt/mit-krb5/Manifest | 1 +
app-crypt/mit-krb5/files/mit-krb5kadmind.service | 8 ++
app-crypt/mit-krb5/files/mit-krb5kdc.service | 9 ++
app-crypt/mit-krb5/files/mit-krb5kpropd.service | 8 ++
app-crypt/mit-krb5/files/mit-krb5kpropd.socket | 9 ++
app-crypt/mit-krb5/files/mit-krb5kpropd_at.service | 8 ++
app-crypt/mit-krb5/mit-krb5-1.16.ebuild | 155 +++++++++++++++++++++
7 files changed, 198 insertions(+)

@arches, please stabilize.
ppc64 stable

ppc stable

ia64 stable

not newstabling arm64

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c476eeeae26a5ac514e5769e9a9a5346a6f21349

commit c476eeeae26a5ac514e5769e9a9a5346a6f21349
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-03-29 01:37:10 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-03-29 01:37:10 +0000

app-crypt/mit-krb5: amd64 stable

Bug: https://bugs.gentoo.org/628936
Package-Manager: Portage-2.3.26, Repoman-2.3.7

app-crypt/mit-krb5/mit-krb5-1.16.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

x86 stable

Stable on alpha.

arm stable

hppa stable

GLSA Vote: No

Cleanup will happen in bug 628936

(In reply to Aaron Bauman from comment #13)
> GLSA Vote: No
>
> Cleanup will happen in bug 628936

bug 649610 rather