diff --git a/krb5-CVE-2010-1321-1.6.1.patch b/krb5-CVE-2010-1321-1.6.1.patch
new file mode 100644
index 0000000..0f70a73
--- /dev/null
+++ b/krb5-CVE-2010-1321-1.6.1.patch
@@ -0,0 +1,17 @@
+Tweaked from candidate for MITKRB5-SA-2010-005.
+--- krb5/src/lib/gssapi/krb5/accept_sec_context.c 2010-05-04 10:51:06.000000000 -0400
++++ krb5/src/lib/gssapi/krb5/accept_sec_context.c 2010-05-04 10:56:48.000000000 -0400
+@@ -384,6 +384,13 @@ krb5_gss_accept_sec_context(minor_status
+ }
+ #endif
+
++ if (authdat->checksum == NULL) {
++ /* missing checksum counts as "inappropriate type" */
++ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
++ major_status = GSS_S_FAILURE;
++ goto fail;
++ }
++
+ {
+ /* gss krb5 v1 */
+
diff --git a/krb5.spec b/krb5.spec
index 13b6b75..0e858c3 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -16,7 +16,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.3
-Release: 30%{?dist}
+Release: 31%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -112,6 +112,7 @@ Patch85: http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt
 Patch86: krb5-1.7-openssl-1.0.patch
 Patch87: krb5-1.6.3-kpasswd_ipv6.patch
 Patch88: krb5-1.6.1-cs22427.patch
+Patch89: krb5-CVE-2010-1321-1.6.1.patch
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -244,6 +245,10 @@ to obtain initial credentials from a KDC using a private key and a certificate.
 %changelog
+* Tue May 18 2010 Nalin Dahyabhai 1.6.3-31
+- add patch to correct GSSAPI library null pointer dereference which could be
+ triggered by malformed client requests (CVE-2010-1321, #582466)
+
 * Tue May 4 2010 Nalin Dahyabhai 1.6.3-30
 - fix output of kprop's init script's "status" and "reload" commands (#588222)
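Review bot: The comment inside the new `if (authdat->checksum == NULL)` guard in the accept_sec_context.c hunk explains which error code was chosen but not why the guard exists, and that reason is what a later maintainer must not lose. The authenticator's checksum field is optional in the protocol and is filled in by the client, and the spec changelog says malformed client requests could trigger the null dereference, so I would extend the comment to something like `/* cksum is OPTIONAL in the authenticator and comes from the client; must be checked before any use (CVE-2010-1321) */`. The guard relies on the existing `fail` label for cleanup, and `krb5_gss_accept_sec_context` starts and ends outside the hunk, so it is worth confirming against the full function that everything acquired before this point is released on that path. No regression test for a token without a checksum is visible in this commit; adding one would keep the check from being lost when the patch is rebased.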
@@ -1472,6 +1477,7 @@ popd
 %patch86 -p0 -b .openssl-1.0
 %patch87 -p0 -b .kpasswd_ipv6
 %patch88 -p0 -b .cs22427
+%patch89 -p1 -b .CVE-2010-1321
 cp src/krb524/README README.krb524
 gzip doc/*.ps