Hello community, here is the log from the commit of package krb5 checked in at Wed Jan 10 17:47:17 CET 2007. -------- --- krb5/krb5.changes 2007-01-02 14:54:57.000000000 +0100 +++ /mounts/work_src_done/STABLE/krb5/krb5.changes 2007-01-10 11:19:50.645855000 +0100 @@ -1,0 +2,12 @@ +Wed Jan 10 11:16:30 CET 2007 - mc@suse.de + +- fix for + kadmind (via RPC library) calls uninitialized function pointer + (CVE-2006-6143)(Bug #225990) + krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif +- fix for + kadmind (via GSS-API mechglue) frees uninitialized pointers + (CVE-2006-6144)(Bug #225992) + krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif + +------------------------------------------------------------------- @@ -4 +16 @@ -- Fix Requires in krb5-devel +- Fix Requires in krb5-devel New: ---- krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-doc.spec ++++++ --- /var/tmp/diff_new_pack.M11366/_old 2007-01-10 17:46:36.000000000 +0100 +++ /var/tmp/diff_new_pack.M11366/_new 2007-01-10 17:46:36.000000000 +0100 @@ -13,7 +13,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html te_ams Version: 1.5.1 -Release: 35 +Release: 39 %define srcRoot krb5-1.5.1 Summary: MIT Kerberos5 Implementation--Documentation License: X11/MIT ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.M11366/_old 2007-01-10 17:46:36.000000000 +0100 +++ /var/tmp/diff_new_pack.M11366/_new 2007-01-10 17:46:36.000000000 +0100 @@ -12,7 +12,7 @@ Name: krb5 Version: 1.5.1 -Release: 26 +Release: 28 BuildRequires: libcom_err %define srcRoot krb5-1.5.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ @@ -31,6 +31,8 @@ Patch1: krb5-1.5.1-fix-too-few-arguments.dif Patch2: krb5-1.4-compile_pie.dif Patch3: krb5-1.4-fix-segfault.dif +Patch4: krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif +Patch5: krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif Patch6: trunk-EncryptWithMasterKey.dif Patch12: warning-fix-util-support.dif Patch14: warning-fix-lib-crypto-des.dif @@ -176,6 +178,8 @@ %patch1 %patch2 %patch3 +%patch4 +%patch5 %patch6 cd %{_builddir}/%{srcRoot}/src %patch12 @@ -480,6 +484,15 @@ %{_mandir}/man1/krb5-config.1* %changelog -n krb5 +* Wed Jan 10 2007 - mc@suse.de +- fix for + kadmind (via RPC library) calls uninitialized function pointer + (CVE-2006-6143)(Bug #225990) + krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif +- fix for + kadmind (via GSS-API mechglue) frees uninitialized pointers + (CVE-2006-6144)(Bug #225992) + krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif * Tue Jan 02 2007 - mc@suse.de - Fix Requires in krb5-devel [Bug #231008] ++++++ krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif ++++++ --- src/lib/rpc/svc.c +++ src/lib/rpc/svc.c 2006/12/05 10:03:35 @@ -437,6 +437,8 @@ #endif } +extern struct svc_auth_ops svc_auth_gss_ops; + static void svc_do_xprt(SVCXPRT *xprt) { @@ -518,6 +520,9 @@ if ((stat = SVC_STAT(xprt)) == XPRT_DIED){ SVC_DESTROY(xprt); break; + } else if ((xprt->xp_auth != NULL) && + (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) { + xprt->xp_auth = NULL; } } while (stat == XPRT_MOREREQS); ++++++ krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif ++++++ ++++ 1530 lines (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org