Bug 215443
Field | Value
---|---
Summary | CVE-2006-5989 mod_auth_kerb segfault with FC6 client
Product | [Fedora] Fedora
Component | mod_auth_kerb
Reporter | Dax Kelson <dkelson>
Assignee | Joe Orton <jorton>
Status | CLOSED ERRATA
Severity | medium
Priority | medium
Version | 5
CC | emcnabb, nalin, security-response-team
Hardware | All
OS | Linux
Whiteboard | impact=low,source=bugzilla,reported=20060915,public=20061113
Fixed In Version | 5.3-2.fc5
Doc Type | Bug Fix
Last Closed | 2007-05-23 12:39:13 UTC
Description
Dax Kelson
2006-11-13 23:18:08 UTC
More information regarding this flaw (including the patch) can be found in bug 206736.

I presume this also affects FC5. I tested the patch on my servers and no more segfault. Thanks very much.

Note that the author of mod_auth_kerb just released v5.3 that includes the patch. Errata RPMs will be issued for RHEL4, FC5 and FC6?

The bug is specific to the SPNEGO code included in mod_auth_kerb, and affects:

- RHEL4
- FC5 (and earlier in Legacy)

Note that the FC6 mod_auth_kerb uses the SPNEGO handling in the system Kerberos/GSSAPI libraries, the bundled code is not used, and so is not affected by this issue.

Clearing security-sensitive bit since this is disclosed publicly already.

mod_auth_kerb-5.3-2.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.