pkgsrc-Bugs archive
pkg/35459: heap overflow in ap-auth-kerb package
>Number: 35459
>Category: pkg
>Synopsis: heap overflow in ap-auth-kerb package
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Jan 21 16:30:00 +0000 2007
>Originator: Michael Santos
>Release: pkgsrc-2006Q4
>Organization:
>Environment:
pkgsrc-2006Q4
>Description:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5989
>How-To-Repeat:
>Fix:
--- spnegokrb5/der_get.c.orig 2007-01-21 11:33:33.000000000 -0500
+++ spnegokrb5/der_get.c 2007-01-21 11:34:08.000000000 -0500
@@ -152,5 +152,5 @@
return ASN1_OVERRUN;
- data->components = malloc(len * sizeof(*data->components));
+ data->components = malloc((len + 1) * sizeof(*data->components));
if (data->components == NULL && len != 0)
return ENOMEM;
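Review bot: the NULL check after the changed malloc line still exempts `len == 0`, but with `(len + 1)` the requested size is never zero, so a NULL return now always means allocation failure. With `len == 0` a failed allocation would fall through with `data->components == NULL`; the check should become `if (data->components == NULL) return ENOMEM;`. The multiplication `(len + 1) * sizeof(*data->components)` is also not guarded against wrap-around in the lines shown. If the condition ahead of `return ASN1_OVERRUN;` does not already bound `len` tightly enough, add an explicit check against `SIZE_MAX / sizeof(*data->components)` before allocating. Finally, a short comment on why the extra element is needed would help, since the code that writes past `len` entries is outside this hunk and the `+ 1` otherwise looks arbitrary.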
Or upgrade to the newest version (mod_auth_kerb-5.3).