From: Wenzong Fan <wenzong....@windriver.com>

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in
kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response
to a -randkey -keepold request, which allows remote authenticated users to
forge tickets by leveraging administrative access.

This back-ported patch fixes CVE-2014-5351.

The following changes since commit c78eca1ea7452a62f86b740ec59f1cd39e399d73:

  postfix: create or update aliases.db when using systemd (2014-11-10 15:18:55 -0500)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/cve-krb5
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/cve-krb5

Wenzong Fan (1):
  krb5: fix CVE-2014-5351

 ...rn-only-new-keys-in-randkey-CVE-2014-5351.patch | 92 ++++++++++++++++++++
 meta-oe/recipes-connectivity/krb5/krb5_1.12.2.bb   |  1 +
 2 files changed, 93 insertions(+)
 create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/0001-Return-only-new-keys-in-randkey-CVE-2014-5351.patch

--
1.7.9.5