authorLeonardo Arena <rnalrd@alpinelinux.org>2016-05-06 08:23:21 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-05-06 08:23:21 +0000
commit76d6eeeed0cdb56f21582ac13cede79f99bdc294 (patch)
treeb7381dbcf90ea9ce038ee25a058a6c63a2b21b27
parentd8c1f3e3df397ebd97c489d226fb997eb28cea07 (diff)
main/krb5: security fix (CVE-2016-3119). Fixes #5457
-rw-r--r--main/krb5/APKBUILD6
-rw-r--r--main/krb5/CVE-2016-3119.patch38
2 files changed, 43 insertions, 1 deletions
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD
index d656741cef..46dea5f217 100644
--- a/main/krb5/APKBUILD
+++ b/main/krb5/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=krb5
pkgver=1.12.4
-pkgrel=1
+pkgrel=2
pkgdesc="The Kerberos network authentication system"
url="http://web.mit.edu/kerberos/www/"
@@ -27,6 +27,7 @@ source="http://web.mit.edu/kerberos/dist/krb5/${pkgver%.*}/krb5-$pkgver-signed.t
CVE-2015-8629.patch
CVE-2015-8630.patch
CVE-2015-8631.patch
+ CVE-2016-3119.patch
krb5kadmind.initd
krb5kdc.initd
@@ -136,6 +137,7 @@ fc1b1bab6d738ec9b21481958d203ea7 Fix-SPNEGO-context-import.patch
51bfc721a58e4dd28ebcf2f600ff3455 CVE-2015-8629.patch
f8b6f512f94dcad5bfdc1250beaf2d11 CVE-2015-8630.patch
380b86bdaa1303a6bc7b0cc3672c3e43 CVE-2015-8631.patch
+4c1026deb45e9d6f2daf70198806908b CVE-2016-3119.patch
29906e70e15025dda8b315d8209cab4c krb5kadmind.initd
47efe7f24c98316d38ea46ad629b3517 krb5kdc.initd
3e0b8313c1e5bfb7625f35e76a5e53f1 krb5kpropd.initd"
@@ -152,6 +154,7 @@ f0a15e9805f4d33e6dfa6985aba5fa89727a7be9eb0344bea88a3151999229a5 CVE-2015-2698.
6c462dfa8202be953d3b9dc2acecb94b3576663caf7a1ceb1275b1dcb6b11171 CVE-2015-8629.patch
d87154deff5284b1a22d0c31de1b3c6276e4c2a94d7951b3cb31ed1b2ef405da CVE-2015-8630.patch
7c1860aeba4b0712b1fd0b46ed6acc882f36a5b5b7cbcaa8e496baca65bc881a CVE-2015-8631.patch
+77b1fc7ce4ba5fd6360204e023a8984799b38252d60bac9d988011067b851f78 CVE-2016-3119.patch
c7a1ec03472996daaaaf1a4703566113c80f72ee8605d247098a25a13dad1f5f krb5kadmind.initd
709309dea043aa306c2fcf0960e0993a6db540c220de64cf92d6b85f1cca23c5 krb5kdc.initd
86b15d691e32b331ac756ee368b7364de6ab238dcae5adfed2a00b57d1b64ef4 krb5kpropd.initd"
@@ -168,6 +171,7 @@ beda374243c5db14f2de5c988443c9b3f4f03dd69e5ac5127851010b52f4d76ed43489f721f04d54
a4791794fc8cd675605ed0f9d39b099b2e83713c7038648529906490c36b1e92739f05ba6f5a1be9923459a01b45ffb04129e23313873fea2fd41c45f7f42f90 CVE-2015-8629.patch
c91415ff810ea1b3d8ba80d005bc40bb3595be4b7610b69d6c8c97bdcb290c1eb400997ccb091863d558bfb8a4cbb8f00557a690f60c0ada700ba76194960b0a CVE-2015-8630.patch
59b70cf6aa3f462fe8dab0f02e7f649f9615c5e40ad43517a9b9febd2c5d87b0d38f3e620ad6dd006c9ecbc9a4bbcab39655e518c6d37fbe74f40a888545ae79 CVE-2015-8631.patch
+0c2bdab9b93e48c3f2c06dbd3196bc1e5aad7b9b969c1b43e1147d8885d78206854900a78d32f4a5813bc0e3297e6bfec344f2878025c02be94d9675f04e8268 CVE-2016-3119.patch
561af06b4e0f0e130dda345ad934bcdb9984ec00cc38d871df1d3bb3f9e1c7d86f06db5b03229707c88b96ad324e3a2222420f8494aa431002cacea0246b1153 krb5kadmind.initd
d6d0076886ce284fc395fafc2dc253b4b3ee97b2986dea51388d96a1e1294680fb171f475efc7844559e2c6aac44b26678a9255921db9a58dcf2e7164f0aeec5 krb5kdc.initd
f97d33fa977c132a470d95fd539d8e8db018e03f28dbc9d3e04faf78ebb7392196e7d5135f138c2390979bf37b3ae0265e6827f0c17b44b277eb2dfff0a96f77 krb5kpropd.initd"
diff --git a/main/krb5/CVE-2016-3119.patch b/main/krb5/CVE-2016-3119.patch
new file mode 100644
index 0000000000..4e94534e98
--- /dev/null
+++ b/main/krb5/CVE-2016-3119.patch
@@ -0,0 +1,38 @@
+From 08c642c09c38a9c6454ab43a9b53b2a89b9eef99 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 14 Mar 2016 17:26:34 -0400
+Subject: [PATCH] Fix LDAP null deref on empty arg [CVE-2016-3119]
+
+In the LDAP KDB module's process_db_args(), strtok_r() may return NULL
+if there is an empty string in the db_args array. Check for this case
+and avoid dereferencing a null pointer.
+
+CVE-2016-3119:
+
+In MIT krb5 1.6 and later, an authenticated attacker with permission
+to modify a principal entry can cause kadmind to dereference a null
+pointer by supplying an empty DB argument to the modify_principal
+command, if kadmind is configured to use the LDAP KDB module.
+
+ CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:ND
+
+ticket: 8383 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 6e591e1..79c4cf0 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -296,6 +296,7 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
+ if (db_args) {
+ for (i=0; db_args[i]; ++i) {
+ arg = strtok_r(db_args[i], "=", &arg_val);
++ arg = (arg != NULL) ? arg : "";
+ if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+ dptr = &xargs->tktpolicydn;
+ } else {
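Review bot: The added line `arg = (arg != NULL) ? arg : "";` in process_db_args() has no comment saying when strtok_r() returns NULL, and the case is wider than the "empty string" named in the patch description: strtok_r() skips leading delimiters, so a db_args entry made only of `=` characters also yields NULL. The guard covers both inputs, but a comment would keep it from being dropped in a later cleanup, for example `/* strtok_r() returns NULL for an empty or all-'=' argument; use "" so the strcmp() calls below are safe. */`. When no token is found, arg_val is not guaranteed to point at a value (some libcs set the save pointer to NULL), so the branches that follow should be confirmed not to read arg_val for the empty option name; the function body continues outside this hunk, so that cannot be checked from here. The patch header lists target_version 1.13-next and 1.14-next while APKBUILD pins `pkgver=1.12.4`, so it is worth confirming the hunk applies cleanly to the 1.12.4 source at this location.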