Unblock libpam-krb5 3.11-3

To: debian-release@lists.debian.org
Subject: Unblock libpam-krb5 3.11-3
From: Russ Allbery <rra@debian.org>
Date: Fri, 19 Sep 2008 11:39:36 -0700
Message-id: <[🔎] 8763osgetz.fsf@windlord.stanford.edu>

Just uploaded, fixes a segfault in an error handling path.  The segfault
is a NULL pointer dereference in the Kerberos libraries and I don't
believe there are any exploitable security implications, but segfault bugs
in PAM modules are a significant problem for applications and can create
denial of service attack opportunities.

The problem was due to incorrect handling of an error code set from errno
that would cause it to be set to 0 in some circumstances, leaving other
parts of the code thinking no error occurred and therefore data structures
should be freed which were still NULL pointers.

libpam-krb5 (3.11-3) unstable; urgency=low

  * Fix segfault after detection of unsafe .k5login ownership when
    search_k5login is set.  Thanks, Andrew Deason.  (Closes: #499479)

 -- Russ Allbery <rra@debian.org>  Thu, 18 Sep 2008 20:45:43 -0700

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Unblock libpam-krb5 3.11-3
  - From: Marc 'HE' Brockschmidt <he@ftwca.de>

Prev by Date: Re: Pre-approval for matplotlib/0.98.1-1+lenny1 in t-p-u
Next by Date: Please unblock libxml2 2.6.32.dfsg-4
Previous by thread: Re: Please unblock why/2.13-2
Next by thread: Re: Unblock libpam-krb5 3.11-3
Index(es):
- Date
- Thread