Sebastian Krahmer discovered a stack-based buffer overflow flaw in cifskey.c, which is used by pam_cifscreds.
A patch is available from the following: https://bugzilla.novell.com/show_bug.cgi?id=870168
Created cifs-utils tracking bugs for this issue:
Affects: fedora-all [bug 1086226]
MITRE assigned CVE-2014-2830 to this issue:
Ok, I merged Sebastian's patch (with a small modification).
I've proposed a couple of other patches to help fix up the error handling, including the case where the buffer would have been overrun. Assuming no one objects, I'll merge them in the next few days and we can get this package built for f20: