From https://bugzilla.redhat.com/show_bug.cgi?id=1121877: A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. An unauthenticated attacker could use this flaw to crash the server acceptor. It is reported that this issue affects version 1.5 and later. Upstream commit and further details: https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b

From https://bugzilla.redhat.com/show_bug.cgi?id=1121876: A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. It is reported that this issue affects version 1.10 and later. Upstream commit and further details: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
+*mit-krb5-1.12.1-r2 (25 Jul 2014) + + 25 Jul 2014; Eray Aslan <eras@gentoo.org> +files/CVE-2014-4343.patch, + +files/CVE-2014-4344.patch, +mit-krb5-1.12.1-r2.ebuild: + Security bump - bug #517936

Arches, please go ahead and stabilize =app-crypt/mit-krb5-1.12.1-r2. This is a multilib version and will need some dependency stabilization as well. Thanks.
Arches, please test and mark stable: =app-crypt/mit-krb5-1.12.1-r2
Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Thank you!
Created attachment 381726: build.log for mit-krb5-1.12.1-r2 on x32

The fix breaks building on x32 with:

architecture of input file `builtin/aes/iaesx64.so' is incompatible with i386:x64-32 output

Full build.log attached. Ping me on irc if you need more info.
Denis.
Stable on alpha.
amd64 stable
x86 stable
arm stable
Stable for HPPA.
ppc stable
ppc64 stable
ia64 stable
sparc stable. Maintainer(s), please clean up. Security, please vote.
Maintainer(s), thank you for the cleanup! GLSA Vote: Yes
CVE-2014-4343 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343): Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
Added to existing glsa draft.
This issue was resolved and addressed in GLSA 201412-53 at http://security.gentoo.org/glsa/glsa-201412-53.xml by GLSA coordinator Mikle Kolyada (Zlogene).