Patch-ID# 112921-10
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security libkadm5 pam_krb5 krb5 lib kerberos
Synopsis: SunOS 5.9: libkadm5 Patch
Date: Oct/10/2011
Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reboot is performed. Unless
otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.
Solaris Release: 9
SunOS Release: 5.9
Unbundled Product:
Unbundled Release:
Xref: This patch available for x86 as patch 116046
Topic: SunOS 5.9: libkadm5 Patch
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 6997583 7059086 7061008
Patches accumulated and obsoleted by this patch: 112725-02 112728-02 112922-02
Patches which conflict with this patch:
Patches required with this patch: 112908-02 (or greater)
Obsoleted by:
Files included with this patch:
/usr/lib/krb5/abi/abi_libdb2.so.1
/usr/lib/krb5/abi/abi_libdyn.so.1
/usr/lib/krb5/abi/abi_libkadm5clnt.so.1
/usr/lib/krb5/abi/abi_libkadm5srv.so.1
/usr/lib/krb5/abi/abi_libkdb.so.1
/usr/lib/krb5/abi/abi_libss.so.1
/usr/lib/krb5/abi/sparcv9/abi_libkadm5clnt.so.1
/usr/lib/krb5/libdb2.so.1
/usr/lib/krb5/libdyn.so.1
/usr/lib/krb5/libkadm5clnt.so.1
/usr/lib/krb5/libkadm5srv.so.1
/usr/lib/krb5/libkadmin.so.1
/usr/lib/krb5/libkdb.so.1
/usr/lib/krb5/libss.so.1
/usr/lib/krb5/sparcv9/libkadm5clnt.so.1
Problem Description:
6997583 problem with Kerberos kdc
7059086 problem with Kerberos admin
7061008 problem with Kerberos admin
(from 112921-09)
6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
(from 112921-08)
6215066 kadm apps can not bind to kadmind if admin_server specifies port #
6496178 krb5 mech resends AS-REQ to the same KDC (master) after user enters a bad password
(from 112921-07)
5110105 addprinc with -randkey, {-/+} <flag> does *not* honor default_principal_flags
(from 112921-06)
6209960 heap buffer overflow in libkadm5srv
(from 112921-05)
4837278 Kerberos utilities should include automigrate capability
(from 112921-04)
4810632 kadmin -c <ccache> destroys the ccache when user quits the kadmin program
(from 112921-03)
4727188 kadmin core dumps when talking to MIT kadmind
4831653 pam_krb5 password aging causes a long delay if the admin_server is down
(from 112921-02)
4836676 bounds checks not in place for princs in krbv5
4838735 pam_krb5 not closing kadmin RPC sessions for pwd changes causing fd's to linger
(from 112921-01)
This revision accumulates S9U1 feature point patch 112725-02.
(from 112725-02)
This revision synchronizes the package version strings between
S9 and S9U1.
(from 112725-01)
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu" doesn't work
(from 112922-02)
4668699 buffer overflow in dbm_open and dbminit (except the one in libc)
(from 112922-01)
This revision accumulates S9U1 feature point patch 112728-02.
(from 112728-02)
This revision synchronizes the package version strings between
S9 and S9U1.
(from 112728-01)
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu" doesn't work
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: To get the complete Kerberos feature, please also install the
following patches:
112923-01 (or greater) krb5 usr/lib Patch
112924-01 (or greater) kinit klist kpasswd patch
112925-01 (or greater) kerberos utils & admin patch
NOTE 2: To get the complete fix for BugId 4836676 (bounds checks not in place
for princs in krbv5), please also install the following patches:
112908-10 (or greater) krb5 shared object patch
112923-03 (or greater) krb5 usr/lib Patch
112925-03 (or greater) kerberos utils & admin patch
NOTE 3: To get the complete fix for BugId 4837278 (Kerberos utilities should
include automigrate capability), please also install the following
patches:
112908-15 (or greater) krb5 shared object patch
112925-04 (or greater) kerberos utils & admin patch
NOTE 4: To get the complete fix for BugId 5110105 (addprinc with -randkey,
{-/+} <flag> does *not* honor default_principal_flags), please also
install the following patch:
112925-06 (or greater) kerberos utils & admin patch
NOTE 5: To get the complete fix for BugId 6496178 (krb5 mech resends AS-REQ
to the same KDC (master) after user enters a bad password), please
also install the following patch:
112908-30 (or greater) krb5 shared object patch
NOTE 6: To get the complete fix for KDC and kadmind stack/buffer overflows,
please also install the following patches:
112923-04 (or greater) krb5 usr/lib Patch
112925-07 (or greater) kerberos utils & admin patch
NOTE 7: To get a complete fix for BugId 4668699 (buffer overflow in
dbm_open and dbminit (except the one in libc)), please also
install the following patches:
113319-08 (or greater) libnsl.so.1 Patch
114569-01 (or greater) libdbm.so.1 Patch
114571-01 (or greater) libc.so.*.9 Patch
NOTE: The list of 'patches required with this patch' (above) has been
modified from the list specified at patch creation time. The reason for
the modification is that one or more of the required patches was
either never released or withdrawn after its release. The following
substitutions (which are guaranteed to satisfy the original requirements)
were therefore made:
112908-02 replaces 112908-01
README -- Last modified date: Friday, November 9, 2012