Date: Wed, 09 Feb 2011 18:17:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:025 ] krb5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:025
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : January 9, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in krb5:
 
 The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to
 a denial-of-service attack triggered by invalid network input.  If a
 kpropd worker process receives invalid input that causes it to exit
 with an abnormal status, it can cause the termination of the listening
 process that spawned it, preventing the slave KDC it was running on
 From receiving database updates from the master KDC (CVE-2010-4022).
 
 The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
 to denial of service attacks from unauthenticated remote attackers
 (CVE-2011-0281, CVE-2011-0282).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 4257cc617b96c71c95256eab33442bc2  2010.1/i586/krb5-1.8.1-5.3mdv2010.2.i586.rpm
 025655b729ac32712c54f801849e93c2  2010.1/i586/krb5-pkinit-openssl-1.8.1-5.3mdv2010.2.i586.rpm
 b690a8719f533a29ae7f92397b8c89fd  2010.1/i586/krb5-server-1.8.1-5.3mdv2010.2.i586.rpm
 60cf99234bd79802947425404eb4493b  2010.1/i586/krb5-server-ldap-1.8.1-5.3mdv2010.2.i586.rpm
 adab88a879966d2a0daf4d17bfd288fc  2010.1/i586/krb5-workstation-1.8.1-5.3mdv2010.2.i586.rpm
 a481d252c831d40de9d7ccf00403105e  2010.1/i586/libkrb53-1.8.1-5.3mdv2010.2.i586.rpm
 b031d51a205194decf50c5187e0d0e50  2010.1/i586/libkrb53-devel-1.8.1-5.3mdv2010.2.i586.rpm 
 a2e5bcabf3633d6f32c214b03f1252eb  2010.1/SRPMS/krb5-1.8.1-5.3mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 586ecee11e45dc3266f172a58169a945  2010.1/x86_64/krb5-1.8.1-5.3mdv2010.2.x86_64.rpm
 d9418b6bfe4aff10c9de32d08a4cd4fc  2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.3mdv2010.2.x86_64.rpm
 31a9d6629d25eea120fbd11853e25e0c  2010.1/x86_64/krb5-server-1.8.1-5.3mdv2010.2.x86_64.rpm
 7fd34307e298b4f47970d3c77851ecdb  2010.1/x86_64/krb5-server-ldap-1.8.1-5.3mdv2010.2.x86_64.rpm
 42552d1978fc6e66c3d7138da59b103d  2010.1/x86_64/krb5-workstation-1.8.1-5.3mdv2010.2.x86_64.rpm
 362506d043aa087dcb743a0a3aa4f687  2010.1/x86_64/lib64krb53-1.8.1-5.3mdv2010.2.x86_64.rpm
 f5f376d22fe98cdb7ec542c9a917873a  2010.1/x86_64/lib64krb53-devel-1.8.1-5.3mdv2010.2.x86_64.rpm 
 a2e5bcabf3633d6f32c214b03f1252eb  2010.1/SRPMS/krb5-1.8.1-5.3mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 9195a6f446623619ecca9433108b8ce2  mes5/i586/krb5-1.8.1-0.4mdvmes5.1.i586.rpm
 d0de4724705b78ebaccdc0f1e332bdc0  mes5/i586/krb5-pkinit-openssl-1.8.1-0.4mdvmes5.1.i586.rpm
 c573a00957ba2f5c9f813bf66d2639b6  mes5/i586/krb5-server-1.8.1-0.4mdvmes5.1.i586.rpm
 d8e5bb51f39680e0e034864f3c7ab389  mes5/i586/krb5-server-ldap-1.8.1-0.4mdvmes5.1.i586.rpm
 a6d37c289467daf9ec6be7386fd08804  mes5/i586/krb5-workstation-1.8.1-0.4mdvmes5.1.i586.rpm
 5fe3268dc275b2255503b45b9dad1710  mes5/i586/libkrb53-1.8.1-0.4mdvmes5.1.i586.rpm
 9fa6291f9bcf123e151743681c197e20  mes5/i586/libkrb53-devel-1.8.1-0.4mdvmes5.1.i586.rpm 
 f3636ce525a3743da670335fad739b4d  mes5/SRPMS/krb5-1.8.1-0.4mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 e8f92b4b8d9e80929bc40df9398e7407  mes5/x86_64/krb5-1.8.1-0.4mdvmes5.1.x86_64.rpm
 c7c9cc07256630ad3580ac8af6fd1731  mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.4mdvmes5.1.x86_64.rpm
 da836bd502a81c68e486a59e0dc59576  mes5/x86_64/krb5-server-1.8.1-0.4mdvmes5.1.x86_64.rpm
 1b4f41d239d1e17b460711961a4be093  mes5/x86_64/krb5-server-ldap-1.8.1-0.4mdvmes5.1.x86_64.rpm
 0f63908285e6aba326b1af6b40456385  mes5/x86_64/krb5-workstation-1.8.1-0.4mdvmes5.1.x86_64.rpm
 a8d6ded793ecdfd542557a2ce625f212  mes5/x86_64/lib64krb53-1.8.1-0.4mdvmes5.1.x86_64.rpm
 3ad9fe51b83ba903dd347aae73bd8e09  mes5/x86_64/lib64krb53-devel-1.8.1-0.4mdvmes5.1.x86_64.rpm 
 f3636ce525a3743da670335fad739b4d  mes5/SRPMS/krb5-1.8.1-0.4mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNUp/qmqjQ0CJFipgRAg0nAJwO+ObUmGm8k1KR4skSGzTYl8SYCACeIiio
Qpo7J6nxtEPLAtCuOk53zwk=
=TsGk
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists