author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-06 08:23:21 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-06 08:23:21 +0000 |
commit | 76d6eeeed0cdb56f21582ac13cede79f99bdc294 (patch) | |
tree | b7381dbcf90ea9ce038ee25a058a6c63a2b21b27 | |
parent | d8c1f3e3df397ebd97c489d226fb997eb28cea07 (diff) | |
main/krb5: security fix (CVE-2016-3119). Fixes #5457
-rw-r--r-- | main/krb5/APKBUILD | 6 | ||||
-rw-r--r-- | main/krb5/CVE-2016-3119.patch | 38 |
2 files changed, 43 insertions, 1 deletions
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD
index d656741cef..46dea5f217 100644
--- a/main/krb5/APKBUILD
+++ b/main/krb5/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=krb5
 pkgver=1.12.4
-pkgrel=1
+pkgrel=2
 pkgdesc="The Kerberos network authentication system"
 url="http://web.mit.edu/kerberos/www/"
@@ -27,6 +27,7 @@ source="http://web.mit.edu/kerberos/dist/krb5/${pkgver%.*}/krb5-$pkgver-signed.t
 CVE-2015-8629.patch
 CVE-2015-8630.patch
 CVE-2015-8631.patch
+ CVE-2016-3119.patch
 krb5kadmind.initd
 krb5kdc.initd
@@ -136,6 +137,7 @@ fc1b1bab6d738ec9b21481958d203ea7 Fix-SPNEGO-context-import.patch
 51bfc721a58e4dd28ebcf2f600ff3455 CVE-2015-8629.patch
 f8b6f512f94dcad5bfdc1250beaf2d11 CVE-2015-8630.patch
 380b86bdaa1303a6bc7b0cc3672c3e43 CVE-2015-8631.patch
+4c1026deb45e9d6f2daf70198806908b CVE-2016-3119.patch
 29906e70e15025dda8b315d8209cab4c krb5kadmind.initd
 47efe7f24c98316d38ea46ad629b3517 krb5kdc.initd
 3e0b8313c1e5bfb7625f35e76a5e53f1 krb5kpropd.initd"
@@ -152,6 +154,7 @@ f0a15e9805f4d33e6dfa6985aba5fa89727a7be9eb0344bea88a3151999229a5 CVE-2015-2698.
 6c462dfa8202be953d3b9dc2acecb94b3576663caf7a1ceb1275b1dcb6b11171 CVE-2015-8629.patch
 d87154deff5284b1a22d0c31de1b3c6276e4c2a94d7951b3cb31ed1b2ef405da CVE-2015-8630.patch
 7c1860aeba4b0712b1fd0b46ed6acc882f36a5b5b7cbcaa8e496baca65bc881a CVE-2015-8631.patch
+77b1fc7ce4ba5fd6360204e023a8984799b38252d60bac9d988011067b851f78 CVE-2016-3119.patch
 c7a1ec03472996daaaaf1a4703566113c80f72ee8605d247098a25a13dad1f5f krb5kadmind.initd
 709309dea043aa306c2fcf0960e0993a6db540c220de64cf92d6b85f1cca23c5 krb5kdc.initd
 86b15d691e32b331ac756ee368b7364de6ab238dcae5adfed2a00b57d1b64ef4 krb5kpropd.initd"
@@ -168,6 +171,7 @@ beda374243c5db14f2de5c988443c9b3f4f03dd69e5ac5127851010b52f4d76ed43489f721f04d54
 a4791794fc8cd675605ed0f9d39b099b2e83713c7038648529906490c36b1e92739f05ba6f5a1be9923459a01b45ffb04129e23313873fea2fd41c45f7f42f90 CVE-2015-8629.patch
 c91415ff810ea1b3d8ba80d005bc40bb3595be4b7610b69d6c8c97bdcb290c1eb400997ccb091863d558bfb8a4cbb8f00557a690f60c0ada700ba76194960b0a CVE-2015-8630.patch
 59b70cf6aa3f462fe8dab0f02e7f649f9615c5e40ad43517a9b9febd2c5d87b0d38f3e620ad6dd006c9ecbc9a4bbcab39655e518c6d37fbe74f40a888545ae79 CVE-2015-8631.patch
+0c2bdab9b93e48c3f2c06dbd3196bc1e5aad7b9b969c1b43e1147d8885d78206854900a78d32f4a5813bc0e3297e6bfec344f2878025c02be94d9675f04e8268 CVE-2016-3119.patch
 561af06b4e0f0e130dda345ad934bcdb9984ec00cc38d871df1d3bb3f9e1c7d86f06db5b03229707c88b96ad324e3a2222420f8494aa431002cacea0246b1153 krb5kadmind.initd
 d6d0076886ce284fc395fafc2dc253b4b3ee97b2986dea51388d96a1e1294680fb171f475efc7844559e2c6aac44b26678a9255921db9a58dcf2e7164f0aeec5 krb5kdc.initd
 f97d33fa977c132a470d95fd539d8e8db018e03f28dbc9d3e04faf78ebb7392196e7d5135f138c2390979bf37b3ae0265e6827f0c17b44b277eb2dfff0a96f77 krb5kpropd.initd"
diff --git a/main/krb5/CVE-2016-3119.patch b/main/krb5/CVE-2016-3119.patch
new file mode 100644
index 0000000000..4e94534e98
--- /dev/null
+++ b/main/krb5/CVE-2016-3119.patch
@@ -0,0 +1,38 @@
+From 08c642c09c38a9c6454ab43a9b53b2a89b9eef99 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 14 Mar 2016 17:26:34 -0400
+Subject: [PATCH] Fix LDAP null deref on empty arg [CVE-2016-3119]
+
+In the LDAP KDB module's process_db_args(), strtok_r() may return NULL
+if there is an empty string in the db_args array. Check for this case
+and avoid dereferencing a null pointer.
+
+CVE-2016-3119:
+
+In MIT krb5 1.6 and later, an authenticated attacker with permission
+to modify a principal entry can cause kadmind to dereference a null
+pointer by supplying an empty DB argument to the modify_principal
+command, if kadmind is configured to use the LDAP KDB module.
+
+ CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:ND
+
+ticket: 8383 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 6e591e1..79c4cf0 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -296,6 +296,7 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
+ if (db_args) {
+ for (i=0; db_args[i]; ++i) {
+ arg = strtok_r(db_args[i], "=", &arg_val);
++ arg = (arg != NULL) ? arg : "";
+ if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+ dptr = &xargs->tktpolicydn;
+ } else { |
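Review bot: The added line `arg = (arg != NULL) ? arg : "";` in process_db_args() carries no comment explaining why arg can be NULL, so the guard reads as redundant and could be dropped in a later cleanup. A one-line comment above it would preserve the intent, for example `/* strtok_r() returns NULL when db_args[i] is an empty string (CVE-2016-3119). */`. The same strtok_r() call also sets arg_val, and the code that reads it lies outside this hunk, so it is worth confirming that no branch uses arg_val when the token was empty. The function body starts and ends outside the hunk, so the handling of an unmatched empty name cannot be checked from here.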