Patch-ID# 112534-03


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security kerberos mech_krb5.so.1 gss mech
Synopsis: SEAM 1.0: patch for Solaris 2.6
Date: Nov/13/2003


Install Requirements: NA

Solaris Release: 2.6

SunOS Release: 5.6

Unbundled Product: Solaris Enterprise Authentication Mechanism

Unbundled Release: 1.0

Xref: This patch available for x86 as patch 112535

Topic:

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
433862215025875
469135215109288
483667615152065


Changes incorporated in this version: 4836676

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/kernel/misc/kgss/do_kmech_krb5
/kernel/misc/kgss/gl_kmech_krb5
/usr/lib/gss/do/mech_krb5.so
/usr/lib/gss/do/mech_krb5.so.1
/usr/lib/gss/gl/mech_krb5.so
/usr/lib/gss/gl/mech_krb5.so.1

Problem Description:

4836676 Bounds checks not in place for princs in krbv5
 
(from 112534-02)
 
4691352 Multiple Kerberos vulnerabilities need to be fixed
 
(from 112534-01)
 
4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)


Patch Installation Instructions:
-------------------------------- 
Refer to the Install.info file for instructions on using the
generic 'installpatch' and 'backoutpatch' scripts provided with
each patch.  Any other special or non-generic installation
instructions should be described below as special instructions.


Special Install Instructions:
----------------------------- 
For Bug ID 4338622, the complete fix requires
patch 110057-05 (or newer). Although patches 112534-01 and
110057-05 do not require/depend on each other,
the complete resolution for the bug requires both.
 
For Bug ID 4836676, the complete fix requires
patch 110057-07 (or newer). Although patches 112534-03 and
110057-07 do not require/depend on each other,
the complete resolution for the bug requires both.


README -- Last modified date: Friday, November 9, 2012