Message-Id: <E1O1oCD-00016q-MP@titan.mandriva.com>
Date: Wed, 14 Apr 2010 00:03:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:071 ] krb5
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:071
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : April 13, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in krb5:
Use-after-free vulnerability in kadmin/server/server_stubs.c in
kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote
authenticated users to cause a denial of service (daemon crash) via a
request from a kadmin client that sends an invalid API version number
(CVE-2010-0629).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
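A check an administrator can run after updating, given as an added example that is not part of the Mandriva advisory: it compares an installed krb5 version-release against the fixed release for each product. The fixed release strings are the ones in the krb5 package file names this advisory announces; the function names, the simplified version comparison and the choice of krb5-server as the package that ships kadmind are assumptions.

```shell
#!/bin/sh
# Added example, not part of MDVSA-2010:071.
# Fixed krb5 version-release per product, read off the advisory's package file names.
fixed_release() {
    case "$1" in
        2008.0) echo 1.6.2-7.5mdv2008.0 ;;
        2009.0) echo 1.6.3-6.4mdv2009.0 ;;
        2009.1) echo 1.6.3-9.2mdv2009.1 ;;
        2010.0) echo 1.6.3-10.2mdv2010.0 ;;
        mes5)   echo 1.6.3-6.4mdvmes5.1 ;;
        *)      return 1 ;;
    esac
}

# Numeric fields before the distro tag: "1.6.3-6.4mdv2009.0" -> "1 6 3 6 4".
vr_fields() { printf '%s\n' "$1" | sed 's/mdv.*$//' | tr '.-' '  '; }

# vr_ge A B: true when A >= B, fields compared numerically left to right.
# Simplified comparison (assumption): enough for these release strings,
# not a reimplementation of rpm's own version ordering.
vr_ge() {
    awk -v a="$(vr_fields "$1")" -v b="$(vr_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= n || i <= m; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# krb5_status PRODUCT INSTALLED_VR -> prints patched | vulnerable | unknown
krb5_status() {
    fixed=$(fixed_release "$1") || { echo unknown; return 0; }
    if vr_ge "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# On a live host (assumes kadmind ships in krb5-server):
#   krb5_status 2010.0 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' krb5-server)"
# Constructed sample values:
krb5_status 2010.0 1.6.3-9.9mdv2010.0    # vulnerable
krb5_status mes5 1.6.3-6.4mdvmes5.1      # patched
```

A host reported as vulnerable that runs kadmind should be updated and the daemon restarted so the patched binary is the one serving requests.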
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/