MIT KRB5 Security patches:

1. MIT krb5 Security Advisory 2007-001: Telnetd allows login as arbitrary user
   CVE: CVE-2007-0956
   CERT: VU#220816

2. MIT krb5 Security Advisory 2007-002: KDC, kadmind stack overflow in krb5_klog_syslog
   CVE: CVE-2007-0957
   CERT: VU#704024

1 files changed, 31 insertions, 0 deletions

diff --git a/security/krb5-16/files/patch-kadmin-server-kadm_rpc_svc.c b/security/krb5-16/files/patch-kadmin-server-kadm_rpc_svc.c
new file mode 100644
index 000000000000..40cc158e5fe3
--- /dev/null
+++ b/security/krb5-16/files/patch-kadmin-server-kadm_rpc_svc.c
@@ -0,0 +1,31 @@
+--- kadmin/server/kadm_rpc_svc.c.orig	Fri Mar 31 19:08:17 2006
++++ kadmin/server/kadm_rpc_svc.c	Wed Apr  4 13:53:04 2007
+@@ -250,6 +250,8 @@
+      krb5_data *c1, *c2, *realm;
+      gss_buffer_desc gss_str;
+      kadm5_server_handle_t handle;
++     size_t slen;
++     char *sdots;
+ 
+      success = 0;
+      handle = (kadm5_server_handle_t)global_server_handle;
+@@ -274,6 +276,8 @@
+      if (ret == 0)
+ 	  goto fail_name;
+ 
++     slen = gss_str.length;
++     trunc_name(&slen, &sdots);
+      /*
+       * Since we accept with GSS_C_NO_NAME, the client can authenticate
+       * against the entire kdb.  Therefore, ensure that the service
+@@ -296,8 +300,8 @@
+ 
+ fail_princ:
+      if (!success) {
+-	 krb5_klog_syslog(LOG_ERR, "bad service principal %.*s",
+-			  gss_str.length, gss_str.value);
++	 krb5_klog_syslog(LOG_ERR, "bad service principal %.*s%s",
++			  slen, gss_str.value, sdots);
+      }
+      gss_release_buffer(&min_stat, &gss_str);
+      krb5_free_principal(kctx, princ);