Date: Tue, 21 May 2013 18:34:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2013:166 ] krb5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:166
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : krb5
 Date    : May 21, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in krb5:
 
 The kpasswd service provided by kadmind was vulnerable to a UDP
 ping-pong attack (CVE-2002-2443).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443
 https://bugzilla.redhat.com/show_bug.cgi?id=962531
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 762c01ff4ce813cd3c5acce794c29aa3  mes5/i586/krb5-1.8.1-0.11mdvmes5.2.i586.rpm
 415beef49e20f8b89c84b0270afbf1d6  mes5/i586/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.i586.rpm
 a6bd6778ab49710b1a50633555b0dc27  mes5/i586/krb5-server-1.8.1-0.11mdvmes5.2.i586.rpm
 497cfca620c25dd7ce523a61afdccc5e  mes5/i586/krb5-server-ldap-1.8.1-0.11mdvmes5.2.i586.rpm
 2fe4670b52795e8c74f53e7eee826c2c  mes5/i586/krb5-workstation-1.8.1-0.11mdvmes5.2.i586.rpm
 22926f634ea6ba5f816c14a2e30cc38a  mes5/i586/libkrb53-1.8.1-0.11mdvmes5.2.i586.rpm
 477f8f61cd9c8e577cd6797e850978ce  mes5/i586/libkrb53-devel-1.8.1-0.11mdvmes5.2.i586.rpm 
 77c66246600b71f6471f75054e886cd4  mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 1cab52ff4c719378b97ec3acbc7d911f  mes5/x86_64/krb5-1.8.1-0.11mdvmes5.2.x86_64.rpm
 b5d51d32e5eaa96ab973e5ce151a5254  mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.x86_64.rpm
 6218fc79250aaec5c7ca19b193fdb8dc  mes5/x86_64/krb5-server-1.8.1-0.11mdvmes5.2.x86_64.rpm
 88de99aa8cde8adaee672c265292a355  mes5/x86_64/krb5-server-ldap-1.8.1-0.11mdvmes5.2.x86_64.rpm
 39791a90573b4de08efdaf0193bbc5dc  mes5/x86_64/krb5-workstation-1.8.1-0.11mdvmes5.2.x86_64.rpm
 846b75578bb5559cfcf7aa2ce9e43156  mes5/x86_64/lib64krb53-1.8.1-0.11mdvmes5.2.x86_64.rpm
 7351a8d2be13df25ab9c2534489a2da0  mes5/x86_64/lib64krb53-devel-1.8.1-0.11mdvmes5.2.x86_64.rpm 
 77c66246600b71f6471f75054e886cd4  mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 3150d604a21be2373d223457da156734  mbs1/x86_64/krb5-1.9.2-3.3.mbs1.x86_64.rpm
 52729f0759e686cfdf5f9c99efc28862  mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.3.mbs1.x86_64.rpm
 4b997282ad6dd76eb7a10f07809bef71  mbs1/x86_64/krb5-server-1.9.2-3.3.mbs1.x86_64.rpm
 b10b3c0211e071ab93e818db684098f9  mbs1/x86_64/krb5-server-ldap-1.9.2-3.3.mbs1.x86_64.rpm
 417d23306554b1d7d290e8d3fed1a2d8  mbs1/x86_64/krb5-workstation-1.9.2-3.3.mbs1.x86_64.rpm
 a17c8e2438c0415c9ea478bcc0715101  mbs1/x86_64/lib64krb53-1.9.2-3.3.mbs1.x86_64.rpm
 2d05c4ac4b44be10ea1e3d4337689512  mbs1/x86_64/lib64krb53-devel-1.9.2-3.3.mbs1.x86_64.rpm 
 95305e2323d63546e970538b7d692447  mbs1/SRPMS/krb5-1.9.2-3.3.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRm3ZlmqjQ0CJFipgRAmRWAJ42vFSB5f9jXtt3hRarBQpqxARd/ACfa9qv
esFWMrXe/0P1/wv2ag87c6w=
=Lg3K
-----END PGP SIGNATURE-----
