[<prev] [next>] [day] [month] [year] [list]
Message-ID: <46154582.6070805@foresightlinux.org>
Date: Thu, 05 Apr 2007 14:52:50 -0400
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: lwn@....net, full-disclosure@...ts.grok.org.uk,
bugtraq@...urityfocus.com
Subject: FLEA-2007-0008-1: krb5
Foresight Linux Essential Advisory: 2007-0008-1
Published: 2007-04-05
Rating: Informational
Updated Versions:
krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.1-0.13-2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
https://issues.rpath.com/browse/RPL-1212
Description:
Previous versions of the krb5 package are vulnerable to three attacks that
can be triggered remotely, one of which is known to provide unauthenticated
unrestricted shell access to any system running the krb5 telnet daemon.
Foresight Linux proper is not vulnerable to these attacks, since krb5-server is
not included in Foresight.
Powered by blists - more mailing lists