Bug 917840 (CVE-2012-1016)
Summary: | CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | Last Closed: | 2013-04-03 18:18:44 UTC |
Severity: | medium | Priority: | medium |
Version: | unspecified | CC: | dpal, jlieskov, jplans, nalin, nathaniel |
Hardware: | All | OS: | Linux |
Fixed In Version: | krb5-1.10.4 | Doc Type: | Bug Fix |
Keywords: | Security | Bug Blocks: | 914754 |
Bug Depends On: | 917841, 917909, 917910, 924620 | | |

Description
Vincent Danen
2013-03-04 22:01:08 UTC
Created krb5 tracking bugs for this issue

Affects: fedora-all [bug 917841]

It also looks as though this does not affect krb5 1.11 as there is no reference to this CVE in the changes for 1.11.1 (http://web.mit.edu/kerberos/www/krb5-1.11/), or it has not been fixed upstream on 1.11.x yet. I've not checked to see which is the case yet.

(In reply to comment #2)
> It also looks as though this does not affect krb5 1.11 as there is no
> reference to this CVE in the changes for 1.11.1
> (http://web.mit.edu/kerberos/www/krb5-1.11/), or it has not been fixed
> upstream on 1.11.x yet. I've not checked to see which is the case yet.

This was fixed there as http://krbdev.mit.edu/rt/Ticket/Display.html?id=7506.

krb5-1.10.2-9.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0656 https://rhn.redhat.com/errata/RHSA-2013-0656.html

krb5-1.10.3-14.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

This issue did not affect the version of the krb5 package, as shipped with Red Hat Enterprise Linux 4.