krb5: fix CVE-2015-2695 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2015-11-14 05:22:26 -0500
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-12-18 12:28:23 +0100
commit	a8edd9e5767897a77a189365df1a8f3a6e2ddd56 (patch)
tree	400c0064117c39ceb0ee45281293baaf77f8294c /meta-python/recipes-devtools/python/python-matplotlib/fix_setupext.patch
parent	60555f648cb51806ada687dc73f691b79b45e572 (diff)
download	meta-openembedded-a8edd9e5767897a77a189365df1a8f3a6e2ddd56.tar.gz

krb5: fix CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-matplotlib/fix_setupext.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: