krb5: fix CVE-2015-2697 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Wenzong Fan <wenzong.fan@windriver.com>	2015-11-14 05:22:28 -0500
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-12-18 12:28:24 +0100
commit	c533d4506eb983daf7884ba41bb910c0b1133a3d (patch)
tree	0e732b88f44a92cbd356707db36e9fd7a3d08eff /meta-python/recipes-devtools/python/python-matplotlib/fix_setupext.patch
parent	88368a58260e7e18f6f85901f80759599051bd51 (diff)
download	meta-openembedded-c533d4506eb983daf7884ba41bb910c0b1133a3d.tar.gz

krb5: fix CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Backport upstream commit to fix it: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-matplotlib/fix_setupext.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: