diff options
author | Marius Bakke <mbakke@fastmail.com> | 2018-06-11 23:52:15 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-06-11 23:52:15 +0200 |
commit | a032b4454b3fc67e11e9fc2d8c2345288065fa29 (patch) | |
tree | c208124b79dbd2224b68c52106aa72ff2ebfa7ab /gnu/packages/patches/heimdal-CVE-2017-11103.patch | |
parent | b5724230fed2d043206df20d12a45bb962b7ee77 (diff) | |
parent | 6321ce42ab4d9ab788d858cb19bde4aa7a0e3ecc (diff) | |
download | guix-a032b4454b3fc67e11e9fc2d8c2345288065fa29.tar.gz |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches/heimdal-CVE-2017-11103.patch')
-rw-r--r-- | gnu/packages/patches/heimdal-CVE-2017-11103.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch deleted file mode 100644 index d76f0df369..0000000000 --- a/gnu/packages/patches/heimdal-CVE-2017-11103.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-11103: - -https://orpheus-lyre.info/ -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103 -https://security-tracker.debian.org/tracker/CVE-2017-11103 - -Patch lifted from upstream source repository: - -https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea - -From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001 -From: Jeffrey Altman <jaltman@secure-endpoints.com> -Date: Wed, 12 Apr 2017 15:40:42 -0400 -Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation - -In _krb5_extract_ticket() the KDC-REP service name must be obtained from -encrypted version stored in 'enc_part' instead of the unencrypted version -stored in 'ticket'. Use of the unecrypted version provides an -opportunity for successful server impersonation and other attacks. - -Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. - -Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c ---- - lib/krb5/ticket.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c -index d95d96d1b..b8d81c6ad 100644 ---- a/lib/krb5/ticket.c -+++ b/lib/krb5/ticket.c -@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context, - /* check server referral and save principal */ - ret = _krb5_principalname2krb5_principal (context, - &tmp_principal, -- rep->kdc_rep.ticket.sname, -- rep->kdc_rep.ticket.realm); -+ rep->enc_part.sname, -+ rep->enc_part.srealm); - if (ret) - goto out; - if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ --- -2.13.3 - |