Commit cca1cd9a authored Mar 03, 2010 by Dr. Stephen Henson

Submitted by: Tomas Hoger <thoger@redhat.com>

Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).

parent 2c772c87

CHANGES

+6 −0

Original line number	Diff line number	Diff line
		@@ -910,6 +910,12 @@
		*) Change 'Configure' script to enable Camellia by default.
		[NTT]

		Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]

		*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
		could be crashed if the relevant tables were not present (e.g. chrooted).
		[Tomas Hoger <thoger@redhat.com>]

		Changes between 0.9.8l and 0.9.8m [xx XXX xxxx]

		*) Fix X509_STORE locking: Every 'objs' access requires a lock (to

ssl/kssl.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -1803,6 +1803,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
		kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
		KRB5_NT_SRV_HST, &princ);

		if (krb5rc)
		goto exit;

		krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
		princ,
		0 /* IGNORE_VNO */,