Patch-ID# 112923-04


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security krb5 kerberos ticket expiry warn mail address
Synopsis: SunOS 5.9: krb5 usr/lib patch
Date: Aug/10/2007


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 116045

Topic: SunOS 5.9: krb5 usr/lib patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
419793714977637
422004214983277
464287915098102
470362215112057
483667615152065
653800115386063


Changes incorporated in this version: 6538001

Patches accumulated and obsoleted by this patch: 112729-02

Patches which conflict with this patch:

Patches required with this patch: 112908-02 (or greater)

Obsoleted by:

Files included with this patch:

/usr/lib/krb5/kprop
/usr/lib/krb5/kpropd
/usr/lib/krb5/krb5kdc
/usr/lib/krb5/ktkt_warnd

Problem Description:

6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
 
(from 112923-03)
 
4836676 Bounds checks not in place for princs in krbv5
 
(from 112923-02)
 
4703622 ktkt_warnd inserts '' between mail address which cause mail notification to fail
 
(from 112923-01)
 
        This patch revision accumulates/obsoletes Solaris Update S9U1
        feature point patches 112729-02.
 
(from 112729-02)
 
        This patch revision synchronizes package version strings between S9 and S9U1.
 
(from 112729-01)
 
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu" doesn't work


Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
NOTE 1:  To get the complete Kerberos feature, please install the following
         patches:
 
         112907-01 (or greater)  libggs patch
         112908-01 (or greater)  krb5 shared object patch 
         112921-01 (or greater)  libkadm5 library patch
         112922-01 (or greater)  krb5 shared libs patch
         112923-01 (or greater)  krb5 usr/lib patch (this patch)
         112924-01 (or greater)  kinit klist kpasswd patch
         112925-01 (or greater)  kerberos utils & admin patch
 
NOTE 2:  To get the complete fix for bugID 4836676 (Bounds checks not in
         place for princs in krbv5), please install the following patches:
 
         112908-10 (or greater)  krb5 shared object patch  
         112921-02 (or greater)  libkadm5 library patch 
         112923-03 (or greater)  krb5 usr/lib patch (this patch)
         112925-03 (or greater)  kerberos utils & admin patch
 
NOTE 3:  To get the complete fix for KDC, kadmind stack overflow and buffer
         overflow, please install the following patches:
 
         112921-09 (or greater)  libkadm5 library patch
         112925-07 (or greater)  kerberos utils & admin patch



NOTE: The list of 'patches required with this patch' (above) has been
modified from the list specified at patch creation time. The reason for
the modification is that one or more of the required patches was
either never released or withdrawn after its release. The following
substitutions (which are guaranteed to satisfy the original requirements)
were therefore made:

112908-02 replaces 112908-01


README -- Last modified date: Friday, November 9, 2012