From https://bugzilla.redhat.com/show_bug.cgi?id=1551083:

A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can cause a null dereference in kadmind, or circumvent a DN container check, by supplying tagged data intended to be internal to the database module.

Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869
Upstream patch: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1

From https://bugzilla.redhat.com/show_bug.cgi?id=1551082:

A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869
Upstream patch: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
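The "left extension" case in the second description above, shown as an added example: a plain string-suffix comparison beside a check that also requires the suffix to begin on an RDN boundary. This is not code from the krb5 patch or from this bug thread; the function names and sample DNs are constructed, and both strings are assumed to be already normalized.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical "before" check: case-insensitive string-suffix comparison.
 * Accepts any DN whose text merely ends with the container DN string. */
static int dn_has_suffix(const char *dn, const char *container)
{
    size_t dnlen = strlen(dn), clen = strlen(container);

    return dnlen >= clen && strcasecmp(dn + dnlen - clen, container) == 0;
}

/* Hardened check: the DN is the container itself, or the suffix is preceded
 * by an unescaped comma, so it starts at a real RDN boundary. */
static int dn_in_container(const char *dn, const char *container)
{
    size_t dnlen = strlen(dn), clen = strlen(container), cut, slashes = 0;

    if (!dn_has_suffix(dn, container))
        return 0;
    if (dnlen == clen)
        return 1;
    cut = dnlen - clen - 1;              /* character just before the suffix */
    if (dn[cut] != ',')
        return 0;
    /* An odd run of backslashes means the comma is escaped (part of a value). */
    while (cut > slashes && dn[cut - slashes - 1] == '\\')
        slashes++;
    return slashes % 2 == 0;
}

int main(void)
{
    /* Constructed sample DNs, not taken from the bug report. */
    const char *container = "ou=people,dc=example,dc=com";
    const char *dns[] = {
        "cn=alice,ou=people,dc=example,dc=com",   /* inside the container */
        "cn=alice,xou=people,dc=example,dc=com",  /* left extension only */
        "cn=a\\,ou=people,dc=example,dc=com",     /* escaped comma in value */
        "ou=people,dc=example,dc=com",            /* the container itself */
    };

    for (size_t i = 0; i < sizeof(dns) / sizeof(dns[0]); i++)
        printf("%-40s suffix=%d boundary=%d\n", dns[i],
               dn_has_suffix(dns[i], container),
               dn_in_container(dns[i], container));
    return 0;
}
```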
Arches, please test and mark stable
=app-crypt/mit-krb5-1.16-r2
Target Keywords=alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57ab8b39b04c721a46bd13e751e154f93006ea17

commit 57ab8b39b04c721a46bd13e751e154f93006ea17
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-14 16:19:05 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-14 16:28:08 +0000

    app-crypt/mit-krb5: amd64 stable

    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1e14128f41ee993f0d861313849f4cbe1fe7e40

commit e1e14128f41ee993f0d861313849f4cbe1fe7e40
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-15 18:28:53 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-15 18:28:53 +0000

    app-crypt/mit-krb5: stable 1.16-r2 for ia64, bug #649610

    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e3458d65b6058e5d7b20eeb3f73679e3ce7c437

commit 8e3458d65b6058e5d7b20eeb3f73679e3ce7c437
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-15 19:12:54 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-15 19:12:54 +0000

    app-crypt/mit-krb5: stable 1.16-r2 for ppc64, bug #649610

    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
arm stable
hppa stable
alpha stable
ppc stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8add4b0c136d36326c4fd0b4bd9652d2f6c82b1

commit f8add4b0c136d36326c4fd0b4bd9652d2f6c82b1
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2018-05-29 05:35:10 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2018-05-29 05:35:10 +0000

    app-crypt/mit-krb5: remove vulnerable

    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 app-crypt/mit-krb5/mit-krb5-1.16.ebuild | 151 --------------------------------
 1 file changed, 151 deletions(-)
GLSA Vote: No
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bbeb00ba4ff3e9d35fec18deb05597c3ee09b67

commit 7bbeb00ba4ff3e9d35fec18deb05597c3ee09b67
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-18 16:29:30 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-18 18:30:55 +0000

    app-crypt/mit-krb5: stable 1.16-r2 for sparc

    Bug: https://bugs.gentoo.org/649610
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 app-crypt/mit-krb5/mit-krb5-1.16-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)