Changeset 29e27d02

Timestamp:

10/18/2021 10:18:34 PM (3 years ago)

Author:

Douglas R. Reno <renodr@…>

Branches:

11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

acb648f

Parents:

8422a12

Message:

Fix CVE-2021-37750 in MIT Kerberos 5. Suggested in the Samba 4.15.0
release notes.

Files:

• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/mitkrb.xml (modified) (1 diff)

introduction/welcome/changelog.xml

@@ -46 +46 @@
       <itemizedlist>
         <listitem>
+          <para>[renodr] - Fix CVE-2021-37750 in MIT krb5 per the suggestion in
+          the Samba release notes for 4.15.0.</para>
+        </listitem>
+        <listitem>
           <para>[renodr] - Update to mercurial-5.9.2. Fixes
           <ulink url="&blfs-ticket-root;15646">#15646</ulink>.</para>

postlfs/security/mitkrb.xml

@@ -109 +109 @@
   <sect2 role="installation">
     <title>Installation of MIT Kerberos V5</title>
+
+    <para>
+      First, fix a denial-of-service security vulnerability:
+      <!-- CVE-2021-37750, mentioned in Samba release notes for 4.15.0. -->
+    </para>
+
+<screen><userinput remap="pre">sed -i '210a if (sprinc == NULL) {\
+       status = "NULL_SERVER";\
+       errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;\
+       goto cleanup;\
+       }' src/kdc/do_tgs_req.c</userinput></screen>
 
     <para>