Bug 159755
Summary: | CAN-2005-1689 double-free in krb5_recvauth | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | urgent | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=critical,embargo=20050712,source=mit,reported=20050526 | ||
Fixed In Version: | 1.3.6-7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-06-30 02:30:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Bressers
2005-06-07 20:07:33 UTC
The embargo on this issue will be lifted after FC4 comes out, we shall want to fix it there as well. Note that on RHEL4 and FC3 and FC4 a double free will be caught by glibc and cause a crash. Whilst this allows a remote DoS it won't allow arbitrary code. Therefore Important on those distributions with these checks, Critial elsewhere. public at http://web.mit.edu/kerberos/www/advisories/, removing embargo This was fixed in 1.3.6-7 and an update released. It just was never marked as closed. |