aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2017-07-12 07:13:56 +0000
committerXin LI <delphij@FreeBSD.org>2017-07-12 07:13:56 +0000
commitf52d4664e3f68828c06f85bfc1afa271e3e04713 (patch)
tree44f381ba39a3c47f4755a27ef35576bd60668555 /doc
parentfeec3621854ef6b1ccd3598df2202c0622929444 (diff)
downloadsrc-f52d4664e3f68828c06f85bfc1afa271e3e04713.tar.gz
src-f52d4664e3f68828c06f85bfc1afa271e3e04713.zip
Import upstream fix for CVE-2017-11103:
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c Submitted by: hrs Obtained from: https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Security: CVE-2017-11103 Security: FreeBSD-SA-17:05.heimdal
Notes
Notes: svn path=/vendor-crypto/heimdal/dist/; revision=320905
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions