diff options
author | Yogita Urade <yogita.urade@windriver.com> | 2024-08-23 06:46:03 +0000 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2024-08-23 22:35:10 -0700 |
commit | 2cfb80b24ce790d4d13c315207d28df0afe4d90c (patch) | |
tree | 88a4dff83ed71142b6bf9355fda4feb2e142cc1c /meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb | |
parent | 8c43e7a2997696179c562fe0d0be2aa076df8916 (diff) | |
download | meta-openembedded-2cfb80b24ce790d4d13c315207d28df0afe4d90c.tar.gz |
krb5: fix CVE-2024-26458 and CVE-2024-26461
CVE-2024-26458:
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in
/krb5/src/lib/rpc/pmap_rmt.c.
CVE-2024-26461:
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak
vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-26458
https://nvd.nist.gov/vuln/detail/CVE-2024-26461
Upstream Patch:
https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb')
-rw-r--r-- | meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb index c482472ff..748918132 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb | |||
@@ -28,6 +28,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \ | |||
28 | file://etc/default/krb5-admin-server \ | 28 | file://etc/default/krb5-admin-server \ |
29 | file://krb5-kdc.service \ | 29 | file://krb5-kdc.service \ |
30 | file://krb5-admin-server.service \ | 30 | file://krb5-admin-server.service \ |
31 | file://CVE-2024-26458_CVE-2024-26461.patch;striplevel=2 \ | ||
31 | " | 32 | " |
32 | 33 | ||
33 | SRC_URI[sha256sum] = "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35" | 34 | SRC_URI[sha256sum] = "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35" |