[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LyTTx-0004bI-JL@titan.mandriva.com>
Date: Mon, 27 Apr 2009 18:15:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:098 ] krb5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:098
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : April 27, 2009
Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in krb5:
The get_input_token function in the SPNEGO implementation in MIT
Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to
cause a denial of service (daemon crash) and possibly obtain sensitive
information via a crafted length value that triggers a buffer over-read
(CVE-2009-0844).
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in
the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before
1.6.4 allows remote attackers to cause a denial of service (daemon
crash) or possibly execute arbitrary code via vectors involving an
invalid DER encoding that triggers a free of an uninitialized pointer
(CVE-2009-0846).
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
(aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
cause a denial of service (application crash) via a crafted length
value that triggers an erroneous malloc call, related to incorrect
calculations with pointer arithmetic (CVE-2009-0847).
The updated packages have been patched to correct these issues.
Update:
krb5 packages for Mandriva Linux Corporate Server 3 and 4 are not
affected by CVE-2009-0844 and CVE-2009-0845
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
8fd37c3b7905d709149e949341a1cef5 2008.1/i586/ftp-client-krb5-1.6.3-6.2mdv2008.1.i586.rpm
5bfecf2eea4e760cabb8fabb99c2319e 2008.1/i586/ftp-server-krb5-1.6.3-6.2mdv2008.1.i586.rpm
2d93da6ed6fa398a4757f054036d5631 2008.1/i586/krb5-1.6.3-6.2mdv2008.1.i586.rpm
32bab4463f4e90f86b5793dc39c44100 2008.1/i586/krb5-server-1.6.3-6.2mdv2008.1.i586.rpm
a1530d87332a48cf90e3e52489cebc8a 2008.1/i586/krb5-workstation-1.6.3-6.2mdv2008.1.i586.rpm
7df9ee6615eda87dc94fdc9bf6425b2e 2008.1/i586/libkrb53-1.6.3-6.2mdv2008.1.i586.rpm
cf9e0fd5e84e427970aa625b30feb2b4 2008.1/i586/libkrb53-devel-1.6.3-6.2mdv2008.1.i586.rpm
677e51076cec19f129ef56f1cdab8f03 2008.1/i586/telnet-client-krb5-1.6.3-6.2mdv2008.1.i586.rpm
619cb1d107395184eb8affbd0901b189 2008.1/i586/telnet-server-krb5-1.6.3-6.2mdv2008.1.i586.rpm
177a17eaba5c495a99e5db26251dba08 2008.1/SRPMS/krb5-1.6.3-6.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
1679393718e45595011f6b3c55058403 2008.1/x86_64/ftp-client-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
ab83a1b935d84dfb3ed167567286ef44 2008.1/x86_64/ftp-server-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
5d8c9714a0662f703ce64e2d3ffec248 2008.1/x86_64/krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
564fcc2fa623f51ec0d49db3933002c6 2008.1/x86_64/krb5-server-1.6.3-6.2mdv2008.1.x86_64.rpm
1a6900fa4b8945bac082a655282730ce 2008.1/x86_64/krb5-workstation-1.6.3-6.2mdv2008.1.x86_64.rpm
786d21d01c4605cca4dcc49a644f46cb 2008.1/x86_64/lib64krb53-1.6.3-6.2mdv2008.1.x86_64.rpm
efc04ec60d2765f6d988011ab3407472 2008.1/x86_64/lib64krb53-devel-1.6.3-6.2mdv2008.1.x86_64.rpm
0b2818f503dd4aa22688c868b51f1228 2008.1/x86_64/telnet-client-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
112d154ca517a31fd2a4fa467d5d4e3c 2008.1/x86_64/telnet-server-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
177a17eaba5c495a99e5db26251dba08 2008.1/SRPMS/krb5-1.6.3-6.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
c2cda7b765baa64dbb0f1a7b976a1591 2009.0/i586/ftp-client-krb5-1.6.3-6.2mdv2009.0.i586.rpm
1dda8aa526a297dbc9038f280fa6883c 2009.0/i586/ftp-server-krb5-1.6.3-6.2mdv2009.0.i586.rpm
c8ad63842e6e8be0b4a5b5d21e458391 2009.0/i586/krb5-1.6.3-6.2mdv2009.0.i586.rpm
bee377a64972f0fcb0b2d31e1d286385 2009.0/i586/krb5-server-1.6.3-6.2mdv2009.0.i586.rpm
a83c03666c857e0c88a863dbf15ae526 2009.0/i586/krb5-workstation-1.6.3-6.2mdv2009.0.i586.rpm
17a89f6840ec8f2a60941fec75fba00b 2009.0/i586/libkrb53-1.6.3-6.2mdv2009.0.i586.rpm
4977c8d2353b28501d671b66b44e4133 2009.0/i586/libkrb53-devel-1.6.3-6.2mdv2009.0.i586.rpm
cdeef84c6cde6ddf8912718a88e66bf4 2009.0/i586/telnet-client-krb5-1.6.3-6.2mdv2009.0.i586.rpm
1e4906e2d74331a38e29b6b04a0ea8ba 2009.0/i586/telnet-server-krb5-1.6.3-6.2mdv2009.0.i586.rpm
4ad1f1a599a545334c80d9759def48ed 2009.0/SRPMS/krb5-1.6.3-6.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
fdc1779a9c4c7bc31880435fa8afbbb5 2009.0/x86_64/ftp-client-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
ccbde6246adfa07175b5cf2da9809d81 2009.0/x86_64/ftp-server-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
17662205327ac45a9fcc6ab270a8ef4f 2009.0/x86_64/krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
b19fb986950c065345a28e9b8a444ab4 2009.0/x86_64/krb5-server-1.6.3-6.2mdv2009.0.x86_64.rpm
a2bba1358dfdfc458782357d805a566b 2009.0/x86_64/krb5-workstation-1.6.3-6.2mdv2009.0.x86_64.rpm
72a6f9be1607868e5d7c10ec8a7d2295 2009.0/x86_64/lib64krb53-1.6.3-6.2mdv2009.0.x86_64.rpm
7956f8bca30bbd637422189606b41e3a 2009.0/x86_64/lib64krb53-devel-1.6.3-6.2mdv2009.0.x86_64.rpm
34b741d881ef3b12905a9d624f4fc901 2009.0/x86_64/telnet-client-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
59d905047019f89cdd0a04e3bfe0ab14 2009.0/x86_64/telnet-server-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
4ad1f1a599a545334c80d9759def48ed 2009.0/SRPMS/krb5-1.6.3-6.2mdv2009.0.src.rpm
Corporate 3.0:
304218624241e5ce340f6c20534edaac corporate/3.0/i586/ftp-client-krb5-1.3-6.11.C30mdk.i586.rpm
4b2ced385b76878b5eeca08d68cf8741 corporate/3.0/i586/ftp-server-krb5-1.3-6.11.C30mdk.i586.rpm
e652820a091fcb438ae0cc973e579dfa corporate/3.0/i586/krb5-server-1.3-6.11.C30mdk.i586.rpm
c8136e55b22095692d3de5266e742ec1 corporate/3.0/i586/krb5-workstation-1.3-6.11.C30mdk.i586.rpm
75ef8ea188a73d9c0da28987ba42aa8d corporate/3.0/i586/libkrb51-1.3-6.11.C30mdk.i586.rpm
023862f9970d739299d9653b31d164c2 corporate/3.0/i586/libkrb51-devel-1.3-6.11.C30mdk.i586.rpm
c30c68b3c4726e37e010ca816cefe2a7 corporate/3.0/i586/telnet-client-krb5-1.3-6.11.C30mdk.i586.rpm
ffd71b666478d27ccc1fc06ad5175a8b corporate/3.0/i586/telnet-server-krb5-1.3-6.11.C30mdk.i586.rpm
4458f2259fef080bbece26f0235f1418 corporate/3.0/SRPMS/krb5-1.3-6.11.C30mdk.src.rpm
Corporate 3.0/X86_64:
d981c4f2a7925adb6feff0c252f00626 corporate/3.0/x86_64/ftp-client-krb5-1.3-6.11.C30mdk.x86_64.rpm
f59125ae3c7d1efa7151c5c8a86a1476 corporate/3.0/x86_64/ftp-server-krb5-1.3-6.11.C30mdk.x86_64.rpm
b17ece09b31395a413ae5eeeb5bd32a6 corporate/3.0/x86_64/krb5-server-1.3-6.11.C30mdk.x86_64.rpm
fc0b7f2fb95220c1607a72f5c25a45c3 corporate/3.0/x86_64/krb5-workstation-1.3-6.11.C30mdk.x86_64.rpm
156b5df78ec1239559e8720299f679e7 corporate/3.0/x86_64/lib64krb51-1.3-6.11.C30mdk.x86_64.rpm
4635489e850e52abca2df6db7d4a5ebc corporate/3.0/x86_64/lib64krb51-devel-1.3-6.11.C30mdk.x86_64.rpm
49806cab645a6a1d596f5b5a1cedd96c corporate/3.0/x86_64/telnet-client-krb5-1.3-6.11.C30mdk.x86_64.rpm
38fdcdf20d4ef0243fb6dbfe6a7780d5 corporate/3.0/x86_64/telnet-server-krb5-1.3-6.11.C30mdk.x86_64.rpm
4458f2259fef080bbece26f0235f1418 corporate/3.0/SRPMS/krb5-1.3-6.11.C30mdk.src.rpm
Corporate 4.0:
ab3ccbb8ce757efec2db8132432ae11f corporate/4.0/i586/ftp-client-krb5-1.4.3-5.7.20060mlcs4.i586.rpm
275e178b54b246c15ed10dc723e1920d corporate/4.0/i586/ftp-server-krb5-1.4.3-5.7.20060mlcs4.i586.rpm
7d3baabbf55efbebdef4357d46d350de corporate/4.0/i586/krb5-server-1.4.3-5.7.20060mlcs4.i586.rpm
0ae5311265df889ac567e0100a518eb6 corporate/4.0/i586/krb5-workstation-1.4.3-5.7.20060mlcs4.i586.rpm
70c681507015a10de964bf024abc9654 corporate/4.0/i586/libkrb53-1.4.3-5.7.20060mlcs4.i586.rpm
c3d01b1057490701edf645168ec0f0eb corporate/4.0/i586/libkrb53-devel-1.4.3-5.7.20060mlcs4.i586.rpm
e8e983e847571dfed35669719abf39be corporate/4.0/i586/telnet-client-krb5-1.4.3-5.7.20060mlcs4.i586.rpm
acc59a77acfd6ed95e29bdd1e99f3795 corporate/4.0/i586/telnet-server-krb5-1.4.3-5.7.20060mlcs4.i586.rpm
a4c146bd8c32f15d0997a72b7a90e944 corporate/4.0/SRPMS/krb5-1.4.3-5.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
62bbdd34df62287729d1b14ec2ab4d73 corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm
1e948554c70318ce09d4b6392e7b931d corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm
bceebd8909400563345b2d282c3b4baf corporate/4.0/x86_64/krb5-server-1.4.3-5.7.20060mlcs4.x86_64.rpm
579beed3249c720a8421a7706d718783 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.7.20060mlcs4.x86_64.rpm
417e35f8f3954181367dca4ee82b5580 corporate/4.0/x86_64/lib64krb53-1.4.3-5.7.20060mlcs4.x86_64.rpm
74fdeb37faf6cba35cc0b071166d08cb corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.7.20060mlcs4.x86_64.rpm
9e0a1ba777a7229ab71ffdb58bea6a88 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm
e6c8b6748465b44bed26cc9913f0bc34 corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm
a4c146bd8c32f15d0997a72b7a90e944 corporate/4.0/SRPMS/krb5-1.4.3-5.7.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ9a0ZmqjQ0CJFipgRAmKGAJ9/gvDEmpyKrpEICEb2TZ/A8JGjTwCgmGxz
A8MpLcIJtfquCFfmrU5PlZQ=
=6HOC
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists