[oe] [PATCH 0/1][meta-oe] krb5: fix CVE-2014-5351
wenzong.fan at windriver.com
Wed Nov 12 08:25:18 UTC 2014
From: Wenzong Fan <wenzong.fan at windriver.com>
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c
in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a
response to a -randkey -keepold request, which allows remote authenticated
users to forge tickets by leveraging administrative access.
This back-ported patch fixes CVE-2014-5351.
The following changes since commit c78eca1ea7452a62f86b740ec59f1cd39e399d73:
postfix: create or update aliases.db when using systemd (2014-11-10 15:18:55 -0500)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/cve-krb5
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/cve-krb5
Wenzong Fan (1):
krb5: fix CVE-2014-5351
...rn-only-new-keys-in-randkey-CVE-2014-5351.patch | 92 ++++++++++++++++++++
meta-oe/recipes-connectivity/krb5/krb5_1.12.2.bb | 1 +
2 files changed, 93 insertions(+)
create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch
--
1.7.9.5
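
The behaviour described in the message above, as an added example that is not part of the original post and is not krb5 source code: a simplified C model of a -randkey -keepold reply before and after a "return only new keys" change. The types, function names, the newest-first key ordering and the sample enctype ids are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_KEYS 16
/* Hypothetical, simplified types; not the krb5 data structures. */
struct key_entry { int kvno; int enctype; };
struct principal { struct key_entry keys[MAX_KEYS]; size_t n_keys; };

/* Model of randkey: one new key per enctype at kvno+1, stored newest first.
 * With keepold, the previous keys stay in the store behind the new ones. */
static void randkey(struct principal *p, int keepold,
                    const int *enctypes, size_t n_enc)
{
    int new_kvno = p->n_keys ? p->keys[0].kvno + 1 : 1;
    size_t n_old = keepold ? p->n_keys : 0, i;
    if (n_enc > MAX_KEYS) n_enc = MAX_KEYS;
    if (n_old > MAX_KEYS - n_enc) n_old = MAX_KEYS - n_enc; /* model only */
    memmove(&p->keys[n_enc], &p->keys[0], n_old * sizeof(p->keys[0]));
    for (i = 0; i < n_enc; i++)
        p->keys[i] = (struct key_entry){ new_kvno, enctypes[i] };
    p->n_keys = n_enc + n_old;
}

/* Pre-fix reply as the advisory describes it: every stored key is returned. */
static size_t reply_all_keys(const struct principal *p, struct key_entry *out)
{
    memcpy(out, p->keys, p->n_keys * sizeof(p->keys[0]));
    return p->n_keys;
}

/* Post-fix reply: only the leading run of keys sharing the newest kvno. */
static size_t reply_new_keys(const struct principal *p, struct key_entry *out)
{
    size_t n = 0;
    for (; n < p->n_keys && p->keys[n].kvno == p->keys[0].kvno; n++)
        out[n] = p->keys[n];
    return n;
}

int main(void)
{
    struct principal p = { .n_keys = 0 };
    struct key_entry out[MAX_KEYS];
    const int enc[] = { 17, 18 };      /* constructed sample enctype ids */
    randkey(&p, 1, enc, 2);            /* creates kvno 1 */
    randkey(&p, 1, enc, 2);            /* creates kvno 2, keeps kvno 1 */
    printf("pre-fix reply: %zu keys, post-fix reply: %zu keys\n",
           reply_all_keys(&p, out), reply_new_keys(&p, out));
    return 0;
}
```

In this model the old keys remain in the store either way; the two reply functions differ only in what goes back to the caller.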