Patch-ID# 116046-10
Download this patch from My Oracle Support
|
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
|
For further information on patching best practices and resources, please
see the following links:
|
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security libkadm5srv.so.1 krbv5 pam_krb5
Synopsis: SunOS 5.9_x86: libkadm5 patch
Date: Oct/10/2011
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 9_x86
SunOS Release: 5.9_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 112921
Topic: SunOS 5.9_x86: libkadm5 patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6997583 7059086 7061008
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/usr/lib/krb5/abi/abi_libkadm5srv.so.1
/usr/lib/krb5/libkadm5srv.so.1
/usr/lib/krb5/libss.so.1
/usr/sbin/kadmin
/usr/sbin/kadmin.local
Problem Description:
6997583 problem with Kerberos kdc
7059086 problem with Kerberos admin
7061008 problem with Kerberos admin
(from 116046-09)
6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
(from 116046-08)
6215066 kadm apps can not bind to kadmind if admin_server specifies port #
6496178 krb5 mech resends AS-REQ to the same KDC (master) after user enters a bad password
(from 116046-07)
5110105 addprinc with -randkey, {-/+} <flag> does *not* honor default_principal_flags
(from 116046-06)
6209960 heap buffer overflow in libkadm5srv
(from 116046-05)
This revision addresses a build error which didn't include fix 4837278.
(from 116046-04)
4837278 Kerberos utilities should include automigrate capability
(from 116046-03)
4836676 (additional rework) bounds checks not in place for princs in krbv5
(from 116046-02)
4836676 (rework) bounds checks not in place for princs in krbv5
(from 116046-01)
4836676 bounds checks not in place for princs in krbv5
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: To get the complete fix for BugId 4836676 (bounds checks not in place
for princs in krbv5), please also install the following patches:
113990-04 (or greater) mech_krb5.so.1 gl_kmech_krb5 patch
115168-02 (or greater) pam_krb5.so.1 patch
116044-01 (or greater) kdb5_util patch
116045-01 (or greater) krb5kdc patch
116046-03 (or greater) libkadm5 patch (This patch)
NOTE 2: To get the complete fix for BugId 4837278 (Kerberos utilities should
include automigrate capability), please also install the following
patches:
115168-05 (or greater) pam_krb5.so.1 patch
116044-02 (or greater) kdb5_util patch
NOTE 3: To get the complete fix for BugId 6496178 (krb5 mech resends AS-REQ
to the same KDC (master) after user enters a bad password), please
also install the following patch:
115168-15 (or greater) krb5 shared object patch
NOTE 4: To get the complete fix for KDC and kadmind stack/buffer overflows,
please also install the following patches:
116044-04 (or greater) kdb5_util patch
116045-02 (or greater) krb5kdc patch
116175-05 (or greater) pam_krb5 patch
README -- Last modified date: Saturday, November 10, 2012