mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-18 19:49:40 +00:00
security/krb5-*: Address CVE-2022-42898
Topic: Vulnerabilities in PAC parsing CVE-2022-42898: integer overflow vulnerabilities in PAC parsing SUMMARY ======= Three integer overflow vulnerabilities have been discovered in the MIT krb5 library function krb5_parse_pac(). IMPACT ====== An authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash. On a 32-bit platform, an authenticated attacker may be able to cause heap corruption in a KDC or kadmind process, possibly leading to remote code execution. A privileged attacker may similarly be able to cause heap corruption in a Kerberos or GSS application service running on a 32-bit platform. An attacker with the privileges of a cross-realm KDC may be able to extract secrets from a KDC process's memory by having them copied into the PAC of a new ticket. AFFECTED SOFTWARE ================= Kerberos and GSS application services using krb5-1.8 or later are affected. kadmind in krb5-1.8 or later is affected. The krb5-1.20 KDC is affected. The krb5-1.8 through krb5-1.19 KDC is affected when using the Samba or FreeIPA KDB modules. REFERENCES ========== This announcement is posted at: https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: https://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: https://web.mit.edu/kerberos/index.html CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898 MFH: 2022Q4 Security: CVE-2022-42898
This commit is contained in:
parent
5045eaf7fa
commit
de40003bfd
@ -1,5 +1,6 @@
|
||||
PORTNAME= krb5
|
||||
PORTVERSION= 1.19.3
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
|
||||
.if !defined(MASTERDIR)
|
||||
@ -8,6 +9,7 @@ PKGNAMESUFFIX= -119
|
||||
|
||||
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
|
||||
PATCH_DIST_STRIP= -p2
|
||||
PATCHFILES= 2022-001-patch-r119.txt
|
||||
|
||||
MAINTAINER= cy@FreeBSD.org
|
||||
COMMENT= MIT implementation of RFC 4120 network authentication service
|
||||
|
@ -1,3 +1,5 @@
|
||||
TIMESTAMP = 1647101273
|
||||
TIMESTAMP = 1668529517
|
||||
SHA256 (krb5-1.19.3.tar.gz) = 56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0
|
||||
SIZE (krb5-1.19.3.tar.gz) = 8741343
|
||||
SHA256 (2022-001-patch-r119.txt) = e6e50807528cdda07fe8d946b0b417403168ff1e442ed4dbf099f20262c25867
|
||||
SIZE (2022-001-patch-r119.txt) = 3536
|
||||
|
@ -1,5 +1,6 @@
|
||||
PORTNAME= krb5
|
||||
PORTVERSION= 1.20
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/
|
||||
.if !defined(MASTERDIR)
|
||||
@ -8,6 +9,7 @@ PKGNAMESUFFIX= -120
|
||||
|
||||
PATCH_SITES= http://web.mit.edu/kerberos/advisories/
|
||||
PATCH_DIST_STRIP= -p2
|
||||
PATCHFILES= 2022-001-patch-r120.txt
|
||||
|
||||
MAINTAINER= cy@FreeBSD.org
|
||||
COMMENT= MIT implementation of RFC 4120 network authentication service
|
||||
|
@ -1,3 +1,5 @@
|
||||
TIMESTAMP = 1653608400
|
||||
TIMESTAMP = 1668529430
|
||||
SHA256 (krb5-1.20.tar.gz) = 7e022bdd3c851830173f9faaa006a230a0e0fdad4c953e85bff4bf0da036e12f
|
||||
SIZE (krb5-1.20.tar.gz) = 8660756
|
||||
SHA256 (2022-001-patch-r120.txt) = 7e4589910db665142ba04b45eb8f64d0a3dd30e67c0010e449048600ece0bcc9
|
||||
SIZE (2022-001-patch-r120.txt) = 3539
|
||||
|
Loading…
Reference in New Issue
Block a user