oss-sec mailing list archives
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 24 Apr 2012 12:03:58 +0200
* Marcus Meissner:
Would you mind sharing the patch you used in SLE packages? It does not seem to have been fixed in OpenSUSE yet. Thanks!I just did a basic uid check.
Shouldn't you check GID against EGID, too, for completeness?
Current thread:
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)