lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1I3OJ0-0007zm-Hf@artemis.annvix.ca>
Date: Tue, 26 Jun 2007 21:34:58 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:137 ] - Updated krb5 packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:137
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : krb5
 Date    : June 26, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 David Coffey discovered an uninitialized pointer free flaw in the
 RPC library used by kadmind.  A remote unauthenticated attacker who
 could access kadmind could trigger the flaw causing kadmind to crash
 or possibly execute arbitrary code (CVE-2007-2442).
 
 David Coffey also discovered an overflow flaw in the same RPC library.
 A remote unauthenticated attacker who could access kadmind could
 trigger the flaw causing kadmind to crash or possibly execute arbitrary
 code (CVE-2007-2443).
 
 Finally, a stack buffer overflow vulnerability was found in kadmind
 that allowed an unauthenticated user able to access kadmind the
 ability to trigger the vulnerability and possibly execute arbitrary
 code (CVE-2007-2798).
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 c40e0406d699b6462958ba826bc07b0f  2007.0/i586/ftp-client-krb5-1.4.3-6.2mdv2007.0.i586.rpm
 277d33c0658a89d6cb84cb1f59c92c26  2007.0/i586/ftp-server-krb5-1.4.3-6.2mdv2007.0.i586.rpm
 113dac274e1114a18cc98574751bce78  2007.0/i586/krb5-server-1.4.3-6.2mdv2007.0.i586.rpm
 e8cdd1aabdf760187281469abe2652ba  2007.0/i586/krb5-workstation-1.4.3-6.2mdv2007.0.i586.rpm
 c7e9a8326e18ea7f0b410422f3a6606e  2007.0/i586/libkrb53-1.4.3-6.2mdv2007.0.i586.rpm
 a0adaedd79d3277d2854e8ca090f209d  2007.0/i586/libkrb53-devel-1.4.3-6.2mdv2007.0.i586.rpm
 6150e3f69a9d45e045933c8d26a2ba31  2007.0/i586/telnet-client-krb5-1.4.3-6.2mdv2007.0.i586.rpm
 d31790fb758cc166a014ecc8d4add4ec  2007.0/i586/telnet-server-krb5-1.4.3-6.2mdv2007.0.i586.rpm 
 8ddcbd575ad6a4e62439b3703ad3c7ce  2007.0/SRPMS/krb5-1.4.3-6.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 4b4b657644f4cd0c7c33120c761b726a  2007.0/x86_64/ftp-client-krb5-1.4.3-6.2mdv2007.0.x86_64.rpm
 18039af3abc4be030a77e90394a88a32  2007.0/x86_64/ftp-server-krb5-1.4.3-6.2mdv2007.0.x86_64.rpm
 320c60b4082483bd985e30b2cd0fe6a4  2007.0/x86_64/krb5-server-1.4.3-6.2mdv2007.0.x86_64.rpm
 8a7244f4a692acbdca04876c1e46d005  2007.0/x86_64/krb5-workstation-1.4.3-6.2mdv2007.0.x86_64.rpm
 0166bcd0000d113fa384f0203e076bd5  2007.0/x86_64/lib64krb53-1.4.3-6.2mdv2007.0.x86_64.rpm
 071527893b9eba78d4ed36fbe3cf7420  2007.0/x86_64/lib64krb53-devel-1.4.3-6.2mdv2007.0.x86_64.rpm
 f2e098076719090d0a6770120cd30cc8  2007.0/x86_64/telnet-client-krb5-1.4.3-6.2mdv2007.0.x86_64.rpm
 244dd2dfed4c33af6c5c407f9e748696  2007.0/x86_64/telnet-server-krb5-1.4.3-6.2mdv2007.0.x86_64.rpm 
 8ddcbd575ad6a4e62439b3703ad3c7ce  2007.0/SRPMS/krb5-1.4.3-6.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 0e97e3acc4d6576ec1056b84bf56d0f0  2007.1/i586/ftp-client-krb5-1.5.2-6.3mdv2007.1.i586.rpm
 a925df48618989379f3e2033a63574fa  2007.1/i586/ftp-server-krb5-1.5.2-6.3mdv2007.1.i586.rpm
 5b5bbdf3ce50e207bb8af9b51e870566  2007.1/i586/krb5-server-1.5.2-6.3mdv2007.1.i586.rpm
 7a0ec635b839a1bd581f4d66b4ced6ac  2007.1/i586/krb5-workstation-1.5.2-6.3mdv2007.1.i586.rpm
 d4471551ede1911b808a9727806dae2e  2007.1/i586/libkrb53-1.5.2-6.3mdv2007.1.i586.rpm
 933ed747e6aa73bf183dd8e7a08a6f46  2007.1/i586/libkrb53-devel-1.5.2-6.3mdv2007.1.i586.rpm
 abadf7a96beb3d8dcce72610f58a8c06  2007.1/i586/telnet-client-krb5-1.5.2-6.3mdv2007.1.i586.rpm
 c66b3a784087e698037e143fa95ee0c1  2007.1/i586/telnet-server-krb5-1.5.2-6.3mdv2007.1.i586.rpm 
 ea1893535e462dd1919bd0abedbed87e  2007.1/SRPMS/krb5-1.5.2-6.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 47e94578a13f82a20f4d000f8392eb02  2007.1/x86_64/ftp-client-krb5-1.5.2-6.3mdv2007.1.x86_64.rpm
 50b2d99b55411b4a721c3a613ad5ba2a  2007.1/x86_64/ftp-server-krb5-1.5.2-6.3mdv2007.1.x86_64.rpm
 27fcedcfa2741bf0f8049a4cc176bd81  2007.1/x86_64/krb5-server-1.5.2-6.3mdv2007.1.x86_64.rpm
 5839bb7446c0f6f999f141f8b27bd08a  2007.1/x86_64/krb5-workstation-1.5.2-6.3mdv2007.1.x86_64.rpm
 8e7315638bab378e0257cb89a2aa69e8  2007.1/x86_64/lib64krb53-1.5.2-6.3mdv2007.1.x86_64.rpm
 27aaf37c6e64f000cc5b98d3ffb81700  2007.1/x86_64/lib64krb53-devel-1.5.2-6.3mdv2007.1.x86_64.rpm
 dc945c4871d314bc3eff2d3bfe51d8d2  2007.1/x86_64/telnet-client-krb5-1.5.2-6.3mdv2007.1.x86_64.rpm
 e702159871325f6e4eae2ba4eda4b1fa  2007.1/x86_64/telnet-server-krb5-1.5.2-6.3mdv2007.1.x86_64.rpm 
 ea1893535e462dd1919bd0abedbed87e  2007.1/SRPMS/krb5-1.5.2-6.3mdv2007.1.src.rpm

 Corporate 3.0:
 f0547c5bf734e1e4e7ebdaaa45643183  corporate/3.0/i586/ftp-client-krb5-1.3-6.9.C30mdk.i586.rpm
 e47318f20875193315c2f90a0aa73893  corporate/3.0/i586/ftp-server-krb5-1.3-6.9.C30mdk.i586.rpm
 0c2b238bd3597f7207bf3a3ab3659364  corporate/3.0/i586/krb5-server-1.3-6.9.C30mdk.i586.rpm
 dd4b1f9a85a297fbc03b8d2f38c6e43b  corporate/3.0/i586/krb5-workstation-1.3-6.9.C30mdk.i586.rpm
 1590e1a8231e0b5bfcbbdfaaa2832ed4  corporate/3.0/i586/libkrb51-1.3-6.9.C30mdk.i586.rpm
 ec4d5de3a00caca779eec5d41d514e14  corporate/3.0/i586/libkrb51-devel-1.3-6.9.C30mdk.i586.rpm
 3ff052270404ba6ee2649b11f3fef987  corporate/3.0/i586/telnet-client-krb5-1.3-6.9.C30mdk.i586.rpm
 afed9d2d655fd6a8b84b270c7c02bb27  corporate/3.0/i586/telnet-server-krb5-1.3-6.9.C30mdk.i586.rpm 
 2457d3a60e45048a670ccfdcc0ecb378  corporate/3.0/SRPMS/krb5-1.3-6.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d97ee0f157987a221b80d9136ece289d  corporate/3.0/x86_64/ftp-client-krb5-1.3-6.9.C30mdk.x86_64.rpm
 c5684ae9f26b06083b96364d27cc6b17  corporate/3.0/x86_64/ftp-server-krb5-1.3-6.9.C30mdk.x86_64.rpm
 c76727d14b575a3d95c626230fb36e21  corporate/3.0/x86_64/krb5-server-1.3-6.9.C30mdk.x86_64.rpm
 d997ead69ebc1259cff22e0f95cd94b2  corporate/3.0/x86_64/krb5-workstation-1.3-6.9.C30mdk.x86_64.rpm
 940488184a42d9488083f8505cf51f31  corporate/3.0/x86_64/lib64krb51-1.3-6.9.C30mdk.x86_64.rpm
 6380542588680c89410735ffe7e4187c  corporate/3.0/x86_64/lib64krb51-devel-1.3-6.9.C30mdk.x86_64.rpm
 ad90e57cc1a38053b80dc992fb7e9821  corporate/3.0/x86_64/telnet-client-krb5-1.3-6.9.C30mdk.x86_64.rpm
 88bff515db340c5ba1941d7911061df9  corporate/3.0/x86_64/telnet-server-krb5-1.3-6.9.C30mdk.x86_64.rpm 
 2457d3a60e45048a670ccfdcc0ecb378  corporate/3.0/SRPMS/krb5-1.3-6.9.C30mdk.src.rpm

 Corporate 4.0:
 efddcdd277b1aabfe333628806fe0760  corporate/4.0/i586/ftp-client-krb5-1.4.3-5.3.20060mlcs4.i586.rpm
 726aacc0586b726a411b02b0c95f1fa9  corporate/4.0/i586/ftp-server-krb5-1.4.3-5.3.20060mlcs4.i586.rpm
 82f95b50e28a98b39e02a5c3911a2b92  corporate/4.0/i586/krb5-server-1.4.3-5.3.20060mlcs4.i586.rpm
 7c181fd1bc3f55f80f82b96301bb19cb  corporate/4.0/i586/krb5-workstation-1.4.3-5.3.20060mlcs4.i586.rpm
 2aae375fed863e40005547b81f4d6899  corporate/4.0/i586/libkrb53-1.4.3-5.3.20060mlcs4.i586.rpm
 3b4b780acd51067ec8b3f83d13838bf4  corporate/4.0/i586/libkrb53-devel-1.4.3-5.3.20060mlcs4.i586.rpm
 000a146dc869c4fc6bcb02b9ac6eaae1  corporate/4.0/i586/telnet-client-krb5-1.4.3-5.3.20060mlcs4.i586.rpm
 34403d6595fc096d7e6b09d8e50ad7de  corporate/4.0/i586/telnet-server-krb5-1.4.3-5.3.20060mlcs4.i586.rpm 
 f500eec032ef1404ae965d3a7b25bdb4  corporate/4.0/SRPMS/krb5-1.4.3-5.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 1ce29ebf6d7a319ab53350e38a8ef3af  corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.3.20060mlcs4.x86_64.rpm
 9df889b6fccdb1f5660a6ac1c1e019ac  corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.3.20060mlcs4.x86_64.rpm
 9dca2e1f57ca43a8c0f392c4f8cdea40  corporate/4.0/x86_64/krb5-server-1.4.3-5.3.20060mlcs4.x86_64.rpm
 8e6b55bef97e7c0109c02d7caca2c434  corporate/4.0/x86_64/krb5-workstation-1.4.3-5.3.20060mlcs4.x86_64.rpm
 32bc813142a311d128ac00437f9bbc6b  corporate/4.0/x86_64/lib64krb53-1.4.3-5.3.20060mlcs4.x86_64.rpm
 e08ce03ada5d6378509df0ba897a2b28  corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.3.20060mlcs4.x86_64.rpm
 7d6e28c5837e5e3d1f57d3170209efa5  corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.3.20060mlcs4.x86_64.rpm
 bc4796289d578b2fd226e26fd2e05765  corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.3.20060mlcs4.x86_64.rpm 
 f500eec032ef1404ae965d3a7b25bdb4  corporate/4.0/SRPMS/krb5-1.4.3-5.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 387a140e280b355674318964905fc506  mnf/2.0/i586/libkrb51-1.3-6.9.M20mdk.i586.rpm 
 8100f18f25a150efc52414692e456b49  mnf/2.0/SRPMS/krb5-1.3-6.9.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGga9JmqjQ0CJFipgRAuwPAJ9WZHyIKqGp2Zd3THW9I4FrnMiXHQCeK3Ix
aBJaUBpAxTQBi97q3ZfFNkk=
=x9wE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ