Message-Id: <E1Q0ZZ2-0000hk-Rz@titan.mandriva.com>
Date: Fri, 18 Mar 2011 14:18:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2011:048 ] krb5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:048
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : March 18, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in krb5:
 
 The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable
 to a double-free condition if the Public Key Cryptography for Initial
 Authentication (PKINIT) capability is enabled, resulting in daemon
 crash or arbitrary code execution (which is believed to be difficult)
 (CVE-2011-0284).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284
 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-003.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 89a5146c09e531a05db7839dedb0a339  2010.1/i586/krb5-1.8.1-5.4mdv2010.2.i586.rpm
 a4fbd4e66104d0b025ca5af74042f21a  2010.1/i586/krb5-pkinit-openssl-1.8.1-5.4mdv2010.2.i586.rpm
 52d37491abb6044371064e031e3f782c  2010.1/i586/krb5-server-1.8.1-5.4mdv2010.2.i586.rpm
 6420550804a52d0cc7602b0d6ce43dd9  2010.1/i586/krb5-server-ldap-1.8.1-5.4mdv2010.2.i586.rpm
 a272a19cb39e01caa81f076e98e77b18  2010.1/i586/krb5-workstation-1.8.1-5.4mdv2010.2.i586.rpm
 9f1c62745a31910be6574d41b513fff9  2010.1/i586/libkrb53-1.8.1-5.4mdv2010.2.i586.rpm
 d3f252a3ee7c998fb475e8c847568f64  2010.1/i586/libkrb53-devel-1.8.1-5.4mdv2010.2.i586.rpm 
 2148b8ff4cb03a84b7394a09ce8e374c  2010.1/SRPMS/krb5-1.8.1-5.4mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 5fb7896e15aabb6413b5a4a8eb389de2  2010.1/x86_64/krb5-1.8.1-5.4mdv2010.2.x86_64.rpm
 87a70bdae97ff07485761ef2825f9af9  2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.4mdv2010.2.x86_64.rpm
 8b533208a389cdc53ef1c7ae175441a7  2010.1/x86_64/krb5-server-1.8.1-5.4mdv2010.2.x86_64.rpm
 bc1962507833f15e4dff3f02b3827caa  2010.1/x86_64/krb5-server-ldap-1.8.1-5.4mdv2010.2.x86_64.rpm
 b1592aca21fa62525b3ee0d47eca9359  2010.1/x86_64/krb5-workstation-1.8.1-5.4mdv2010.2.x86_64.rpm
 6007c476bbe0ed6b77157d01bc71fd56  2010.1/x86_64/lib64krb53-1.8.1-5.4mdv2010.2.x86_64.rpm
 3855f3d0ab75f54ebf4dc05f42efed3c  2010.1/x86_64/lib64krb53-devel-1.8.1-5.4mdv2010.2.x86_64.rpm 
 2148b8ff4cb03a84b7394a09ce8e374c  2010.1/SRPMS/krb5-1.8.1-5.4mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 99f05c23d6049230037ab6fef72b61c2  mes5/i586/krb5-1.8.1-0.5mdvmes5.2.i586.rpm
 23bdfb95ae19f56fc5e719cc1a480260  mes5/i586/krb5-pkinit-openssl-1.8.1-0.5mdvmes5.2.i586.rpm
 848f15a20fa86057cfdbe2b60c095987  mes5/i586/krb5-server-1.8.1-0.5mdvmes5.2.i586.rpm
 485c559ae048ba13e50950b3868a7946  mes5/i586/krb5-server-ldap-1.8.1-0.5mdvmes5.2.i586.rpm
 534efaed5cc1a76d53277ac07d7759b4  mes5/i586/krb5-workstation-1.8.1-0.5mdvmes5.2.i586.rpm
 93411c0c22cf9d0346b0d3bc8f032db4  mes5/i586/libkrb53-1.8.1-0.5mdvmes5.2.i586.rpm
 b40b3bca351d0468893c30dc42174c4c  mes5/i586/libkrb53-devel-1.8.1-0.5mdvmes5.2.i586.rpm 
 79c72436e944990111e6a801166c06b6  mes5/SRPMS/krb5-1.8.1-0.5mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 53eb81cf4d662f16fef45c6c89a48bbb  mes5/x86_64/krb5-1.8.1-0.5mdvmes5.2.x86_64.rpm
 ae27d729c6a9fd714aaed4ad3692d72d  mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.5mdvmes5.2.x86_64.rpm
 eff836f154bf1364b5b10be1c80e1373  mes5/x86_64/krb5-server-1.8.1-0.5mdvmes5.2.x86_64.rpm
 f22c47a5a4127a1ebb6dcf4e3d8ae8b8  mes5/x86_64/krb5-server-ldap-1.8.1-0.5mdvmes5.2.x86_64.rpm
 159e5d962bbb0614fcdeaebd3df3575e  mes5/x86_64/krb5-workstation-1.8.1-0.5mdvmes5.2.x86_64.rpm
 ad752198fef0ad908eb3e436dec68e82  mes5/x86_64/lib64krb53-1.8.1-0.5mdvmes5.2.x86_64.rpm
 80d6aa2d81a91e36ba81725e511b850c  mes5/x86_64/lib64krb53-devel-1.8.1-0.5mdvmes5.2.x86_64.rpm 
 79c72436e944990111e6a801166c06b6  mes5/SRPMS/krb5-1.8.1-0.5mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNgy93mqjQ0CJFipgRAuaiAJ4tzw4dzc/pVOQ9wiQk05dQucvgyQCg2FuS
tK2qBOyw887nWs3Nc/dGDSc=
=Zn18
-----END PGP SIGNATURE-----
