~hartmans/ubuntu/trusty/krb5/gss-infinite-loop

Viewing all changes in revision 63.

  • Committer: Sam Hartman
  • Date: 2014-08-12 11:31:13 UTC
  • mfrom: (59.1.1 krb5)
  • Revision ID: hartmans@debian.org-20140812113113-wxcusslnf8u2pjhc
* SECURITY UPDATE: denial of service via invalid tokens
  - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
    src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
  - CVE-2014-4341
  - CVE-2014-4342
* SECURITY UPDATE: denial of service via double-free in SPNEGO
  - debian/patches/CVE-2014-4343.patch: fix double-free in
    src/lib/gssapi/spnego/spnego_mech.c.
  - CVE-2014-4343
* SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
  - debian/patches/CVE-2014-4344.patch: validate REMAIN in
    src/lib/gssapi/spnego/spnego_mech.c.
  - CVE-2014-4344
* SECURITY UPDATE: denial of service and possible code execution in
  kadmind with LDAP backend
  - debian/patches/CVE-2014-4345.patch: fix off-by-one in
    src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
  - CVE-2014-4345

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: