krb5: Fix CVE-2023-36054 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2023-08-25 07:38:26 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-09-04 11:57:41 -0400
commit	39d15cf5cbb4c8f5e7fbc6c0ff8aa020dc7bd115 (patch)
tree	d4f075a37b7d20ea2d8224ef86b0aaa1b3bd7f23 /meta-python/recipes-devtools/python/python3-sqlparse
parent	7c127728e78f32276e169167133d1d6f90222019 (diff)
download	meta-openembedded-39d15cf5cbb4c8f5e7fbc6c0ff8aa020dc7bd115.tar.gz

krb5: Fix CVE-2023-36054

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. References: https://nvd.nist.gov/vuln/detail/CVE-2023-36054 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: