Patch-ID# 112925-08
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security ktutil kdb5_util kadmin kadmin.local kdestroy kinit klist kpasswd kerberos
Synopsis: SunOS 5.9: ktutil kdb5_util kadmin kadmin.local kadmind Patch
Date: Nov/08/2007
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 9
SunOS Release: 5.9
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 116044
Topic: SunOS 5.9: ktutil kdb5_util kadmin kadmin.local kadmind Patch
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 6538725 6558280
Patches accumulated and obsoleted by this patch: 112730-02 112731-02 112924-01
Patches which conflict with this patch:
Patches required with this patch: 112908-02 (or greater)
Obsoleted by:
Files included with this patch:
/usr/bin/kdestroy
/usr/bin/kinit
/usr/bin/klist
/usr/bin/kpasswd
/usr/bin/ktutil
/usr/lib/krb5/kadmind
/usr/sbin/kadmin
/usr/sbin/kadmin.local
/usr/sbin/kdb5_util
Problem Description:
6538725 ktutil can't list keys with unknown (unsupported) encryption types.
6558280 klist and ktutil should be more detailed about message displayed for
unsupported encryption type
(from 112925-07)
6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
6562672 kadmind vulnerable to buffer overflow [ MITKRB5-SA-2007-005 ]
(from 112925-06)
5110105 addprinc with -randkey, {-/+} <flag> does *not* honor
default_principal_flags
(from 112925-05)
4955217 kadmind grows to use a large amount of memory and eventually runs out of
swap
(from 112925-04)
4837278 Kerberos utilities should include automigrate capability
(from 112925-03)
4836676 Bounds checks not in place for princs in krbv5
(from 112925-02)
4646370 kadmin listprincs needs paging for accessibility
(from 112925-01)
This patch revision accumulates and obsoletes Solaris Update s9u1
feature point patch 112731-02.
(from 112731-02)
This patch revision synchronizes the package version strings
between s9 and s9u1
(from 112731-01)
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu" doesn't work
(from 112924-01)
This patch revision was generated to accumulate and obsolete
the changes introduced in Solaris Update: s9u1
feature point patches: 112730-02
(from 112730-02)
This patch revision was generated to synchronize the
package version string between s9 and s9u1
(from 112730-01)
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu" doesn't work
Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:
example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
example# patchrm 104945-02
For additional examples please see the appropriate man pages.
Special Install Instructions:
-----------------------------
NOTE 1: To get the complete Kerberos feature, please also install the
following patches:
112907-01 (or greater) libgss patch
112908-01 (or greater) krb5 shared object patch
112921-01 (or greater) libkadm5 patch
112922-01 (or greater) krb5 lib patch
112923-01 (or greater) krb5 usr/lib patch
NOTE 2: To get the complete fix of bug 4836676 (Bounds checks not in
place for princs in krbv5), please also install the following
patches:
112921-02 (or greater) libkadm5 patch
112923-03 (or greater) krb5 usr/lib patch
112908-10 (or greater) krb5 shared object patch
NOTE 3: To get the complete fix for bugID 4937278, please also install the
following patches:
112908-15 (or greater) krb5 shared object patch
112921-05 (or greater) libkadm5 patch
NOTE 4: To get the complete fix for bugID 5110105 (addprinc with -randkey,
{-/+} <flag> does *not* honor default_principal_flags), please also
install the following patch:
112921-07 (or greater) libkadm5 patch
NOTE 5: To get the complete fix for KDC, kadmind stack overflow and buffer
overflow, please install the following patches:
112921-09 (or greater) libkadm5 patch
112923-04 (or greater) krb5 usr/lib patch
NOTE: The list of 'patches required with this patch' (above) has been
modified from the list specified at patch creation time. The reason for
the modification is that one or more of the required patches was
either never released or withdrawn after its release. The following
substitutions (which are guaranteed to satisfy the original requirements)
were therefore made:
112908-02 replaces 112908-01
README -- Last modified date: Friday, November 9, 2012