summary refs log tree commit diff
path: root/gnu/packages/patches/heimdal-CVE-2017-11103.patch
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-06-11 23:52:15 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-06-11 23:52:15 +0200
commita032b4454b3fc67e11e9fc2d8c2345288065fa29 (patch)
treec208124b79dbd2224b68c52106aa72ff2ebfa7ab /gnu/packages/patches/heimdal-CVE-2017-11103.patch
parentb5724230fed2d043206df20d12a45bb962b7ee77 (diff)
parent6321ce42ab4d9ab788d858cb19bde4aa7a0e3ecc (diff)
downloadguix-a032b4454b3fc67e11e9fc2d8c2345288065fa29.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches/heimdal-CVE-2017-11103.patch')
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-11103.patch45
1 files changed, 0 insertions, 45 deletions
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
deleted file mode 100644
index d76f0df369..0000000000
--- a/gnu/packages/patches/heimdal-CVE-2017-11103.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-11103:
-
-https://orpheus-lyre.info/
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
-https://security-tracker.debian.org/tracker/CVE-2017-11103
-
-Patch lifted from upstream source repository:
-
-https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
-
-From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001
-From: Jeffrey Altman <jaltman@secure-endpoints.com>
-Date: Wed, 12 Apr 2017 15:40:42 -0400
-Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
-
-In _krb5_extract_ticket() the KDC-REP service name must be obtained from
-encrypted version stored in 'enc_part' instead of the unencrypted version
-stored in 'ticket'.  Use of the unecrypted version provides an
-opportunity for successful server impersonation and other attacks.
-
-Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
-
-Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
----
- lib/krb5/ticket.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
-index d95d96d1b..b8d81c6ad 100644
---- a/lib/krb5/ticket.c
-+++ b/lib/krb5/ticket.c
-@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context,
-     /* check server referral and save principal */
-     ret = _krb5_principalname2krb5_principal (context,
- 					      &tmp_principal,
--					      rep->kdc_rep.ticket.sname,
--					      rep->kdc_rep.ticket.realm);
-+					      rep->enc_part.sname,
-+					      rep->enc_part.srealm);
-     if (ret)
- 	goto out;
-     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
--- 
-2.13.3
-