Bug 1142545 - mod_auth_kerb segmentation fault when using basic authentication
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Apache
Version: Leap 15.0
Hardware: Other Other
Priority: P5 - None
Severity: Normal
Assigned To: Michael Calmer
Reported: 2019-07-23 20:48 UTC by Tom Coogan
Modified: 2022-11-28 17:15 UTC (History)


Attachments
mod_auth_kerb.c patch (702 bytes, patch)
2019-07-23 20:48 UTC, Tom Coogan
Description Tom Coogan 2019-07-23 20:48:49 UTC
Created attachment 811365
mod_auth_kerb.c patch

A segmentation fault is triggered in function authenticate_user_krb5pwd() when credentials are supplied using basic authentication.

A description of the bug and patch (attached to this report) is described at:
https://sourceforge.net/p/modauthkerb/bugs/61/

Since mod_auth_kerb is not being actively developed, it would be convenient if the patch was applied through the openSUSE build.  The source RPM already includes numerous patches to the mod_auth_kerb source.
Comment 1 Petr Gajdos 2019-07-24 08:09:14 UTC
Thanks for the report, reassigning to the package maintainer.

(In reply to Tom Coogan from comment #0)
> Since mod_auth_kerb is not being actively developed, it would be convenient
> if the patch was applied through the openSUSE build.  The source RPM already
> includes numerous patches to the mod_auth_kerb source.

I would recommend dropping it from openSUSE:Factory then (it was even dropped in SLE between 12 and 15). apache2-mod_auth_kerb can remain in Apache:Modules built for whatever openSUSE and SUSE version.
Comment 2 Kristyna Streitova 2019-07-24 13:34:30 UTC
I submitted the patch for openSUSE:Leap:15/15.1 (mr#718260) and for Apache:Modules (sr#718261).

Petr is right, if mod_auth_kerb is not maintained by upstream anymore, it's pointless to keep it in Factory. I opened a request for deletion from Factory (req#718259). It can stay in Apache:Modules for hard-core fans.
Comment 3 Swamp Workflow Management 2019-07-24 14:10:07 UTC
This is an autogenerated message for OBS integration:
This bug (1142545) was mentioned in
https://build.opensuse.org/request/show/718260 15.0+15.1 / apache2-mod_auth_kerb
Comment 4 Swamp Workflow Management 2019-08-19 16:14:11 UTC
openSUSE-RU-2019:1953-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1142545
CVE References: 
Sources used:
openSUSE Leap 15.1 (src):    apache2-mod_auth_kerb-5.4-lp151.3.3.1
openSUSE Leap 15.0 (src):    apache2-mod_auth_kerb-5.4-lp150.2.3.1
Comment 5 Swamp Workflow Management 2019-08-24 22:17:54 UTC
openSUSE-RU-2019:2006-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1142545
CVE References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    apache2-mod_auth_kerb-5.4-bp151.4.3.1
openSUSE Backports SLE-15 (src):    apache2-mod_auth_kerb-5.4-bp150.3.3.1
Comment 6 Swamp Workflow Management 2020-01-29 20:43:19 UTC
openSUSE-RU-2020:0130-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1142545
CVE References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    apache2-mod_auth_kerb-5.4-bp151.4.6.1
Comment 7 OBSbugzilla Bot 2022-11-28 17:15:03 UTC
This is an autogenerated message for OBS integration:
This bug (1142545) was mentioned in
https://build.opensuse.org/request/show/1038742 Backports:SLE-15-SP4 / apache2-mod_auth_kerb