oss-sec mailing list archives
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 24 Apr 2012 15:09:02 +0200
* Sebastian Krahmer:
nfs-client-1.2.5 rpm which is probably a result of the nfs-utils-1.2.5 source package.
Thanks, it turns out that the dependency on libgssglue is pulled in via libtirpc. This doesn't happen in older versions (with Sun RPC from libc, I guess).
Current thread:
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)