[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UepVg-0003bs-Oe@titan.mandriva.com>
Date: Tue, 21 May 2013 18:34:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2013:166 ] krb5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:166
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : May 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in krb5:
The kpasswd service provided by kadmind was vulnerable to a UDP
ping-pong attack (CVE-2002-2443).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443
https://bugzilla.redhat.com/show_bug.cgi?id=962531
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
762c01ff4ce813cd3c5acce794c29aa3 mes5/i586/krb5-1.8.1-0.11mdvmes5.2.i586.rpm
415beef49e20f8b89c84b0270afbf1d6 mes5/i586/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.i586.rpm
a6bd6778ab49710b1a50633555b0dc27 mes5/i586/krb5-server-1.8.1-0.11mdvmes5.2.i586.rpm
497cfca620c25dd7ce523a61afdccc5e mes5/i586/krb5-server-ldap-1.8.1-0.11mdvmes5.2.i586.rpm
2fe4670b52795e8c74f53e7eee826c2c mes5/i586/krb5-workstation-1.8.1-0.11mdvmes5.2.i586.rpm
22926f634ea6ba5f816c14a2e30cc38a mes5/i586/libkrb53-1.8.1-0.11mdvmes5.2.i586.rpm
477f8f61cd9c8e577cd6797e850978ce mes5/i586/libkrb53-devel-1.8.1-0.11mdvmes5.2.i586.rpm
77c66246600b71f6471f75054e886cd4 mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
1cab52ff4c719378b97ec3acbc7d911f mes5/x86_64/krb5-1.8.1-0.11mdvmes5.2.x86_64.rpm
b5d51d32e5eaa96ab973e5ce151a5254 mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.x86_64.rpm
6218fc79250aaec5c7ca19b193fdb8dc mes5/x86_64/krb5-server-1.8.1-0.11mdvmes5.2.x86_64.rpm
88de99aa8cde8adaee672c265292a355 mes5/x86_64/krb5-server-ldap-1.8.1-0.11mdvmes5.2.x86_64.rpm
39791a90573b4de08efdaf0193bbc5dc mes5/x86_64/krb5-workstation-1.8.1-0.11mdvmes5.2.x86_64.rpm
846b75578bb5559cfcf7aa2ce9e43156 mes5/x86_64/lib64krb53-1.8.1-0.11mdvmes5.2.x86_64.rpm
7351a8d2be13df25ab9c2534489a2da0 mes5/x86_64/lib64krb53-devel-1.8.1-0.11mdvmes5.2.x86_64.rpm
77c66246600b71f6471f75054e886cd4 mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
3150d604a21be2373d223457da156734 mbs1/x86_64/krb5-1.9.2-3.3.mbs1.x86_64.rpm
52729f0759e686cfdf5f9c99efc28862 mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.3.mbs1.x86_64.rpm
4b997282ad6dd76eb7a10f07809bef71 mbs1/x86_64/krb5-server-1.9.2-3.3.mbs1.x86_64.rpm
b10b3c0211e071ab93e818db684098f9 mbs1/x86_64/krb5-server-ldap-1.9.2-3.3.mbs1.x86_64.rpm
417d23306554b1d7d290e8d3fed1a2d8 mbs1/x86_64/krb5-workstation-1.9.2-3.3.mbs1.x86_64.rpm
a17c8e2438c0415c9ea478bcc0715101 mbs1/x86_64/lib64krb53-1.9.2-3.3.mbs1.x86_64.rpm
2d05c4ac4b44be10ea1e3d4337689512 mbs1/x86_64/lib64krb53-devel-1.9.2-3.3.mbs1.x86_64.rpm
95305e2323d63546e970538b7d692447 mbs1/SRPMS/krb5-1.9.2-3.3.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRm3ZlmqjQ0CJFipgRAmRWAJ42vFSB5f9jXtt3hRarBQpqxARd/ACfa9qv
esFWMrXe/0P1/wv2ag87c6w=
=Lg3K
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists