--- librpcsecgss-0.13.orig/src/svc_auth_gss.c +++ librpcsecgss-0.13/src/svc_auth_gss.c @@ -421,6 +421,14 @@ memset(rpchdr, 0, sizeof(rpchdr)); /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */ + oa = &msg->rm_call.cb_cred; + if (oa->oa_length > MAX_AUTH_BYTES) + return (FALSE); + + if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT + + RNDUP(oa->oa_length))) + return (FALSE); + buf = (int32_t *)rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); IXDR_PUT_ENUM(buf, msg->rm_direction); @@ -428,7 +436,6 @@ IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { --- librpcsecgss-0.13.orig/debian/control +++ librpcsecgss-0.13/debian/control @@ -1,14 +1,15 @@ Source: librpcsecgss Section: libs Priority: optional -Maintainer: J. Bruce Fields -Build-Depends: debhelper (>= 5.0.0), libkrb5-dev, libgssapi-dev, cdbs, pkg-config -Standards-Version: 3.6.2 +Maintainer: Anibal Monsalve Salazar +Uploaders: Steinar H. Gunderson , Daniel Baumann +Build-Depends: debhelper (>= 5), libkrb5-dev, libgssapi-dev, cdbs, pkg-config +Standards-Version: 3.7.2 Package: librpcsecgss-dev Section: libdevel Architecture: any -Depends: librpcsecgss1 (= ${Source-Version}) +Depends: librpcsecgss2 (= ${Source-Version}) Description: header files and docs for librpcsecgss Contains the header files and documentation for librpcsecgss for use in developing applications that use the rpcsecgss library. @@ -17,7 +18,8 @@ . Homepage: http://www.citi.umich.edu/projects/nfsv4/linux/ -Package: librpcsecgss1 +Package: librpcsecgss2 +Priority: standard Section: libs Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} --- librpcsecgss-0.13.orig/debian/changelog +++ librpcsecgss-0.13/debian/changelog @@ -1,3 +1,58 @@ +librpcsecgss (0.13-2ubuntu0.2) edgy-security; urgency=low + + * SECURITY UPDATE: code execution via 32 byte stack overflow. + * src/svc_auth_gss.c: further fixes from krb5 upstream applied inline. + * References + CVE-2007-4743 + + -- Kees Cook Thu, 06 Sep 2007 15:21:46 -0700 + +librpcsecgss (0.13-2ubuntu0.1) edgy-security; urgency=low + + * SECURITY UPDATE: code execution via stack overflow in RPCSEC_GSS + * src/svc_auth_gss.c: patched inline from krb5 fixes. + * References + CVE-2007-3999 + + -- Kees Cook Tue, 04 Sep 2007 12:09:34 -0700 + +librpcsecgss (0.13-2) unstable; urgency=low + + * Updated co-maintainer mail address. + + -- Anibal Monsalve Salazar Wed, 05 Jul 2006 14:44:58 +1000 + +librpcsecgss (0.13-1) unstable; urgency=low + + * New upstream release. + + -- Anibal Monsalve Salazar Fri, 09 Jun 2006 15:37:03 +1000 + +librpcsecgss (0.12-1) unstable; urgency=low + + * New upstream release. + * New maintainer. + * Set Standards-Version to 3.7.2. + + -- Anibal Monsalve Salazar Fri, 02 Jun 2006 17:00:03 +1000 + +librpcsecgss (0.11-1) unstable; urgency=low + + * New upstream release + * changes: + -Remove all unnecessary headers from this distribution and instead + use the headers provided by glibc. This should fix problems reported + on 64-bit platforms. + -Fix compiler errors and most warnings due to these changes. + -Add install code to remove old versions of our headers that may have + been previously installed. + -Change soname and version. + * debian/control: + -added Anibal Monsalve Salazar and Steinar H. Gunderson to Uploaders: + -bump library version to librpcsecgss2 + + -- Timo Aaltonen Thu, 27 Apr 2006 08:26:26 +0300 + librpcsecgss (0.10-1) unstable; urgency=low * New upstream release --- librpcsecgss-0.13.orig/debian/librpcsecgss2.install +++ librpcsecgss-0.13/debian/librpcsecgss2.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/lib*.so.*