author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 14:23:09 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 14:46:33 +0000 |
commit | 2df06885ab3c15d9f79cfe6f875bb7a8411745f9 (patch) | |
tree | 3e7264a39213c456ef7782f58533e0ca42eb43cb | |
parent | a179712065a4e2c4d237af7d0dc9b3862c73adaa (diff) | |
download | aports-2df06885ab3c15d9f79cfe6f875bb7a8411745f9.tar.bz2 aports-2df06885ab3c15d9f79cfe6f875bb7a8411745f9.tar.xz |
main/heimdal: fix for CVE-2017-11103. Fixes #7542
-rw-r--r-- | main/heimdal/APKBUILD | 16 | ||||
-rw-r--r-- | main/heimdal/CVE-2017-11103.patch | 32 |
2 files changed, 44 insertions, 4 deletions
diff --git a/main/heimdal/APKBUILD b/main/heimdal/APKBUILD
index f4941ce113..737b940759 100644
--- a/main/heimdal/APKBUILD
+++ b/main/heimdal/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=heimdal
 pkgver=1.6_rc2
 _ver=${pkgver/_rc/rc}
-pkgrel=4
+pkgrel=5
 pkgdesc="An implementation of Kerberos 5"
 arch="all"
 url="http://www.h5l.org/"
@@ -29,10 +29,15 @@ source="http://ftp4.de.freesbie.org/pub/misc/heimdal/src/$pkgname-$_ver.tar.gz
 heimdal_missing-include.patch
 heimdal-remove-broken-auth.patch
 libkadm5clnt-version-script.patch
+ CVE-2017-11103.patch
 "
 _builddir="$srcdir/$pkgname-$_ver"
+# secfixes:
+# 1.6_rc2-r5:
+# - CVE-2017-11103
+
 prepare() {
 [ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1
@@ -197,7 +202,8 @@ efa764866eed4c589dc9d2aedfe1c140 005_all_heimdal-suid_fix.patch
 c2c2bab875bb1d258c23c88b4c237857 telnetd.patch
 9a8db1ed3098a1b1073aa8b75b8084c8 heimdal_missing-include.patch
 5a0fd2107233391beb73907600918d25 heimdal-remove-broken-auth.patch
-d45444b92259e95a51d52145851d5206 libkadm5clnt-version-script.patch"
+d45444b92259e95a51d52145851d5206 libkadm5clnt-version-script.patch
+d88b9c52bf45b5f89a605f8bfb07775d CVE-2017-11103.patch"
 sha256sums="8fe19e0f12ff0d0c2f20a6cf56727deaabd89db9c197288022fb489e103b730d heimdal-1.6rc2.tar.gz
 a69218c8320b730b884631aa4a2548ddc0dbd864b458e26314c22bf903d6ddbd heimdal-kadmind.initd
 4cb005716e195116421d9fbf021d6d6178e487232610854f9c9a1d0aaf798d56 heimdal-kdc.initd
@@ -208,7 +214,8 @@ c4f3550e3938b82e31a616b90fbe9fb2f2bd775e108e31cc355d29ac5ab6a25a 003_all_heimda
 6b78762077e6952e775b3e3471b8c53828d9b284866c4cdd2891acb26393f8ec telnetd.patch
 1cd63bd7ecbcf502859c37777a6f64c043c6da298a24ac582490e7c0b06fc5c0 heimdal_missing-include.patch
 28d4828914f8ffcf940aaea54b1051caa4b9ae0618a24e82506c004bed8a1bdc heimdal-remove-broken-auth.patch
-f23b413b444e4866c4cf3b516cff835cdd03ec438f8487ec8dae39bca489b854 libkadm5clnt-version-script.patch"
+f23b413b444e4866c4cf3b516cff835cdd03ec438f8487ec8dae39bca489b854 libkadm5clnt-version-script.patch
+cc7ab5a19741ad679c0b1c93ae7732a8d93bfe5529850d615a7ee2fc06d3e83d CVE-2017-11103.patch"
 sha512sums="18c1bdbb003c18535f19fcde4121c80544597d0409fcde83721f6489ef8f16bdd320a4dee0392cf57555dfd76ffe8b416b11b1086759bbfca112db959ed53f5f heimdal-1.6rc2.tar.gz
 0ae0fec4bdb3907d9e82e788e12ef185dd00e6db4c17f55758da5600fedd72ed1118b6b492d039f91cc54d54bf2f79f624ea38a68067e424b737b128494a4bbd heimdal-kadmind.initd
 4dca69bb1c1c6dfce8c0fc1da84855e4549be478ab09511fa5143ee61d1609fed7f3303179bc1e499b0f20445e04c41eda132dd1c5f72e2fea4fcf60a35ad2a9 heimdal-kdc.initd
@@ -219,4 +226,5 @@ b242cbdbd5e656e30b39fa88767d2024e9895ea6c047c061f15bbde003d02289f0fc8b63aaa7ab1e
 cc8775c02197ee6dc60bd62a34a03b57bafbc8e040da62028c64832bb036c29b0664eb7d19c5ff8bcf3aeb10d413fd06b7cefac610a906dafa8c2f527a73195c telnetd.patch
 e89efdc942c512363aac1d9797c6bf622324e9200e282bc5ed680300b9e1b39a4ea20f059cdac8f22f972eb0af0e625fd41f267ebcafcfec0aaa81192aff79c1 heimdal_missing-include.patch
 74be145d6ebffa275e9411f2dbb1c3ccac41935457cb3b9482a7346ade987696a037f41cebd2677274b4827777c88a07a5336f494923fc4715dfda026ed918d2 heimdal-remove-broken-auth.patch
-157e0a6f11688c93253aaae74f1ee3892e66413baa152bbc104ac0d61efc22ffcff53130ac897c4f5e49b4f160f260f159e68396d7cf1f3ca6dd72e3ac694ae3 libkadm5clnt-version-script.patch"
+157e0a6f11688c93253aaae74f1ee3892e66413baa152bbc104ac0d61efc22ffcff53130ac897c4f5e49b4f160f260f159e68396d7cf1f3ca6dd72e3ac694ae3 libkadm5clnt-version-script.patch
+dfb1c0dc115fb2c198784bd31c09ff638da3b66c1befc7de823eff209bdafc4916ecdec16a4d68729b92c993dcf6ea0ad43f5741e33893351d7f763f52df1e94 CVE-2017-11103.patch"
diff --git a/main/heimdal/CVE-2017-11103.patch b/main/heimdal/CVE-2017-11103.patch
new file mode 100644
index 0000000000..3901e491c3
--- /dev/null
+++ b/main/heimdal/CVE-2017-11103.patch
@@ -0,0 +1,32 @@
+From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'. Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+---
+ lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
+index d95d96d1b6..b8d81c6ad5 100644
+--- a/lib/krb5/ticket.c
++++ b/lib/krb5/ticket.c
+@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context,
+ /* check server referral and save principal */
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+- rep->kdc_rep.ticket.sname,
+- rep->kdc_rep.ticket.realm);
++ rep->enc_part.sname,
++ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+ if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ |
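Review bot: The rewritten call in `_krb5_extract_ticket()` still sits under the old comment `/* check server referral and save principal */`, which gives no hint that the choice of source fields is the security property being fixed. The reason for reading `rep->enc_part.sname` and `rep->enc_part.srealm` exists only in the patch description, so a later refactor could switch back to the `kdc_rep.ticket` fields without anyone noticing. I would extend the comment in place, for example `/* sname/srealm must be taken from the decrypted enc_part; the copies in kdc_rep.ticket are unencrypted (CVE-2017-11103) */`. The function starts before and continues after this inner hunk, so whether the `EXTRACT_TICKET_ALLOW_SERVER_MISMATCH` comparison that follows uses `tmp_principal` cannot be confirmed from here. As this is a carried upstream patch, the comment is best proposed upstream so the local copy does not drift.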