krb5: fix CVE-2015-2696 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2015-11-14 05:22:27 -0500
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-12-18 12:28:23 +0100
commit	88368a58260e7e18f6f85901f80759599051bd51 (patch)
tree	85ec1035f980615072a8045cb4a9e148ff94a69a /meta-python/recipes-devtools/python/python-matplotlib/fix_setup.patch
parent	a8edd9e5767897a77a189365df1a8f3a6e2ddd56 (diff)
download	meta-openembedded-88368a58260e7e18f6f85901f80759599051bd51.tar.gz

krb5: fix CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-matplotlib/fix_setup.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: