krb5: Fix CVE-2023-36054 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2023-08-25 07:39:23 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-09-04 11:55:22 -0400
commit	86124cc62563eda0b19dc35a9478bc18517d515c (patch)
tree	4560027e2b3b0b03d5153e91e74d42eb8dc107cb /meta-python/recipes-devtools/python/python3-crcmod/0001-setup.py-use-setuptools-instead-of-distutils.patch
parent	41fffef6b044b2722aa13f7e7648a3f848231851 (diff)
download	meta-openembedded-86124cc62563eda0b19dc35a9478bc18517d515c.tar.gz

krb5: Fix CVE-2023-36054

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. References: https://nvd.nist.gov/vuln/detail/CVE-2023-36054 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-crcmod/0001-setup.py-use-setuptools-instead-of-distutils.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: