krb5 1.4.4-6 fixes mit-sa-2006-2 (see
http://web.mit.edu/kerberos/advisories/), a fairly serious
bug that was found through a mostly unrelated problem.
I've attached a diff below; I strongly recommend that this package be
accepted into etch.
Debian is not vulnerable to mit-sa-2006-3.
=== debian/changelog
==================================================================
--- debian/changelog (/remote/krb5/trunk/krb5) (revision 2663)
+++ debian/changelog (/k5-s/krb5) (local)
@@ -1,3 +1,12 @@
+krb5 (1.4.4-6) unstable; urgency=emergency
+
+ * mit-sa-2006-2: kadmind and rpc library call through function pointer
+ to freed memory (CVE-2006-6143)
+ - null out xp_auth unless it is associated with an rpcsec_gss
+ connection
+
+ -- Sam Hartman <hartmans@debian.org> Thu, 4 Jan 2007 16:07:02 -0500
+
krb5 (1.4.4-5) unstable; urgency=low
* Translation updates:
=== debian/patch.mit-sa-2006-2
==================================================================
--- debian/patch.mit-sa-2006-2 (/remote/krb5/trunk/krb5) (revision 2663)
+++ debian/patch.mit-sa-2006-2 (/k5-s/krb5) (local)
@@ -0,0 +1,27 @@
+Index: src/lib/rpc/svc.c
+===================================================================
+*** src/lib/rpc/svc.c (revision 18864)
+--- src/lib/rpc/svc.c (working copy)
+***************
+*** 437,442 ****
+--- 437,444 ----
+ #endif
+ }
+
++ extern struct svc_auth_ops svc_auth_gss_ops;
++
+ static void
+ svc_do_xprt(SVCXPRT *xprt)
+ {
+***************
+*** 518,523 ****
+--- 520,528 ----
+ if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
+ SVC_DESTROY(xprt);
+ break;
++ } else if ((xprt->xp_auth != NULL) &&
++ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
++ xprt->xp_auth = NULL;
+ }
+ } while (stat == XPRT_MOREREQS);
+
=== src/lib/rpc/svc.c
==================================================================
--- src/lib/rpc/svc.c (/remote/krb5/trunk/krb5) (revision 2663)
+++ src/lib/rpc/svc.c (/k5-s/krb5) (local)
@@ -436,6 +436,8 @@
#endif
}
+extern struct svc_auth_ops svc_auth_gss_ops;
+
static void
svc_do_xprt(SVCXPRT *xprt)
{
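Review bot: The `extern struct svc_auth_ops svc_auth_gss_ops;` declaration sits at file scope in svc.c rather than in a header shared with the file that defines the object, so the compiler cannot check the declaration against the definition. If the rpc library has an internal header for its auth flavors (not visible from this diff), declaring the symbol there would be safer. Otherwise add a one-line comment above it naming the defining file and saying that it is used only for the identity test in svc_do_xprt. The body of svc_do_xprt continues outside this hunk.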
@@ -517,6 +519,9 @@
if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
SVC_DESTROY(xprt);
break;
+ } else if ((xprt->xp_auth != NULL) &&
+ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
+ xprt->xp_auth = NULL;
}
} while (stat == XPRT_MOREREQS);
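Review bot: The added `else if` branch clears `xprt->xp_auth` with no comment, and the reason cannot be read from the code. Going by the changelog entry, a non-rpcsec_gss handle left in xp_auth can later be called through after its memory has been freed (CVE-2006-6143). I would put a comment above the branch, for example `/* xp_auth is kept across requests only for rpcsec_gss; clear any other handle so no later call goes through a stale ops pointer */`, adjusted to whatever the real lifetime rule is. The test decides ownership by comparing the ops-table address, so any other auth flavor that keeps per-connection state would be dropped here without notice; if that is intended, the comment should say so. svc_do_xprt starts and ends outside the hunk, so where the handle is freed is not visible here, and the same lines are carried in debian/patch.mit-sa-2006-2.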