author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-05 13:20:56 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-05 13:21:11 +0000 |
commit | 563219286cc5231fa8d48ce13886e258e632bad5 (patch) | |
tree | 84e5379ee4c9c9a24faf95613375b4b71250b551 /main/krb5 | |
parent | 9ba8b7c9fd89f59ca397b08af14e28da79bd0b4a (diff) | |
download | aports-563219286cc5231fa8d48ce13886e258e632bad5.tar.bz2 aports-563219286cc5231fa8d48ce13886e258e632bad5.tar.xz |
Security fix (CVE-2016-3119). Fixes #5453
Diffstat (limited to 'main/krb5')
-rw-r--r-- | main/krb5/APKBUILD | 6 | ||||
-rw-r--r-- | main/krb5/CVE-2016-3119.patch | 38 |
2 files changed, 43 insertions, 1 deletions
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD index 0c2ea86cb4..815869e1a3 100644 --- a/main/krb5/APKBUILD +++ b/main/krb5/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=krb5 pkgver=1.14 -pkgrel=1 +pkgrel=2 case $pkgver in *.*.*) _ver=${pkgver%.*};; @@ -25,6 +25,7 @@ source="http://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz CVE-2015-8629.patch CVE-2015-8630.patch CVE-2015-8631.patch + CVE-2016-3119.patch krb5kadmind.initd krb5kdc.initd @@ -125,6 +126,7 @@ c84a0c7d8014e3528524956ffdd1c3e9 mit-krb5_krb5-config_LDFLAGS.patch 51bfc721a58e4dd28ebcf2f600ff3455 CVE-2015-8629.patch f8b6f512f94dcad5bfdc1250beaf2d11 CVE-2015-8630.patch 380b86bdaa1303a6bc7b0cc3672c3e43 CVE-2015-8631.patch +4c1026deb45e9d6f2daf70198806908b CVE-2016-3119.patch 9c0e3bac122326cdbbbac068056ee8af krb5kadmind.initd 71131479c07a2d89b30a2ea18dd64e74 krb5kdc.initd d94873a6a1ac6277adf2d25458eda9e5 krb5kpropd.initd" @@ -133,6 +135,7 @@ sha256sums="cedb07fad8331e3ff2983d26e977a2ddba622f379c2b19bfea85bd695930f9e9 kr 6c462dfa8202be953d3b9dc2acecb94b3576663caf7a1ceb1275b1dcb6b11171 CVE-2015-8629.patch d87154deff5284b1a22d0c31de1b3c6276e4c2a94d7951b3cb31ed1b2ef405da CVE-2015-8630.patch 7c1860aeba4b0712b1fd0b46ed6acc882f36a5b5b7cbcaa8e496baca65bc881a CVE-2015-8631.patch +77b1fc7ce4ba5fd6360204e023a8984799b38252d60bac9d988011067b851f78 CVE-2016-3119.patch 213a5b04f091e4644e856aabc38da586bd86c4616ab15f00eefca52fca7137d6 krb5kadmind.initd 577842c7fe4639a8e9dd349da40e514284dd53440bb71be58283faaf18508f9a krb5kdc.initd 1644639d83791bd871f3c89a53a7052ab52994d3ef03d1d675d4217130c1fa94 krb5kpropd.initd" 
@@ -141,6 +144,7 @@ sha512sums="b33a85b37f6038e34ba4038c9d1cc6a0df027652cbeccd24e39b323a1ed1bc163050 a4791794fc8cd675605ed0f9d39b099b2e83713c7038648529906490c36b1e92739f05ba6f5a1be9923459a01b45ffb04129e23313873fea2fd41c45f7f42f90 CVE-2015-8629.patch c91415ff810ea1b3d8ba80d005bc40bb3595be4b7610b69d6c8c97bdcb290c1eb400997ccb091863d558bfb8a4cbb8f00557a690f60c0ada700ba76194960b0a CVE-2015-8630.patch 59b70cf6aa3f462fe8dab0f02e7f649f9615c5e40ad43517a9b9febd2c5d87b0d38f3e620ad6dd006c9ecbc9a4bbcab39655e518c6d37fbe74f40a888545ae79 CVE-2015-8631.patch +0c2bdab9b93e48c3f2c06dbd3196bc1e5aad7b9b969c1b43e1147d8885d78206854900a78d32f4a5813bc0e3297e6bfec344f2878025c02be94d9675f04e8268 CVE-2016-3119.patch 43b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682 krb5kadmind.initd ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec krb5kdc.initd 45be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90 krb5kpropd.initd" diff --git a/main/krb5/CVE-2016-3119.patch b/main/krb5/CVE-2016-3119.patch new file mode 100644 index 0000000000..4e94534e98 --- /dev/null +++ b/main/krb5/CVE-2016-3119.patch 
@@ -0,0 +1,38 @@
+From 08c642c09c38a9c6454ab43a9b53b2a89b9eef99 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Mon, 14 Mar 2016 17:26:34 -0400
+Subject: [PATCH] Fix LDAP null deref on empty arg [CVE-2016-3119]
+
+In the LDAP KDB module's process_db_args(), strtok_r() may return NULL
+if there is an empty string in the db_args array. Check for this case
+and avoid dereferencing a null pointer.
+
+CVE-2016-3119:
+
+In MIT krb5 1.6 and later, an authenticated attacker with permission
+to modify a principal entry can cause kadmind to dereference a null
+pointer by supplying an empty DB argument to the modify_principal
+command, if kadmind is configured to use the LDAP KDB module.
+
+ CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:ND
+
+ticket: 8383 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 6e591e1..79c4cf0 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -296,6 +296,7 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
+ if (db_args) {
+ for (i=0; db_args[i]; ++i) {
+ arg = strtok_r(db_args[i], "=", &arg_val);
++ arg = (arg != NULL) ? arg : "";
+ if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+ dptr = &xargs->tktpolicydn;
+ } else { |
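Review bot: The added line `arg = (arg != NULL) ? arg : "";` in the embedded ldap_principal2.c hunk carries no comment, and it turns an empty db_args entry into an empty option name rather than rejecting the entry where it is detected. Whether that entry ends in an error depends on the rest of the `strcmp` chain, which continues past the hunk's last line (`} else {`), so it is worth confirming that no branch accepts an empty name and that `arg_val` is not read for such an entry; some C libraries leave the strtok_r() save pointer NULL after a NULL return. I would add above the new line something like `/* strtok_r() returns NULL for an empty db_args entry; use "" so no option name below matches it */`. process_db_args() starts and ends outside the hunk.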