projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8683672) | patch
package/libkrb5: fix CVE-2021-37750
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Wed, 15 Sep 2021 19:48:19 +0000 (21:48 +0200)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sat, 18 Sep 2021 06:50:19 +0000 (08:50 +0200)
commitb9646b18bf46a91b9b3b21b41d8b89fd9f4d5d52
treedccc6107702022a96cfb3aebdd70de6e7e315c6btree
parent868367222b6bda2fa4c155a1c6334e7efbdbf62bcommit | diff
package/libkrb5: fix CVE-2021-37750

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in
kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/libkrb5/0001-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch [new file with mode: 0644] blob
package/libkrb5/libkrb5.mk diff | blob | history