Diffusion FreeBSD src repository f8041e3628bd

Heimdal: Fix transit path validation CVE-2017-6594
f8041e3628bd
Actions

Description

Heimdal: Fix transit path validation CVE-2017-6594

Apply upstream b1e699103. This fixes a bug introduced by upstream
f469fc6 which may in some cases enable bypass of capath policy.

Upstream writes in their commit log:

Note, this may break sites that rely on the bug.  With the bug some
incomplete [capaths] worked, that should not have.  These may now break
authentication in some cross-realm configurations.

Reported by: emaste
Security: CVE-2017-6594
Obtained from: upstream b1e699103
MFC after: 1 week

Details

Provenance

cy	Authored on Feb 14 2024, 7:56 PM

Parents

rG57d312b8eac9: pci_pci: Remove obsolete comment

Branches

Unknown

Tags

Unknown

Event Timeline

cy committed rGf8041e3628bd: Heimdal: Fix transit path validation CVE-2017-6594 (authored by cy).Feb 15 2024, 9:27 PM

cy mentioned this in rG4712696c8f46: Heimdal: Fix transit path validation CVE-2017-6594.Feb 21 2024, 1:43 PM

cy mentioned this in rG9a7121454dc0: Heimdal: Fix transit path validation CVE-2017-6594.

cy mentioned this in rGaac9dda7f844: Heimdal: Fix transit path validation CVE-2017-6594.Feb 21 2024, 2:02 PM

Changes (1)

Path

Size

crypto/

heimdal/

kdc/

krb5tgs.c

rGf8041e3628bd

View Options

crypto/heimdal/kdc/krb5tgs.c