lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PnCh3-00006J-E1@titan.mandriva.com>
Date: Wed, 09 Feb 2011 17:15:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:024 ] krb5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:024
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : January 9, 2011
 Affected: 2009.0, 2010.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in krb5:
 
 The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
 to denial of service attacks from unauthenticated remote attackers
 (CVE-2011-0281, CVE-2011-0282).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 a19b45095a4c3a3325a23a98c9b62123  2009.0/i586/ftp-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm
 62ee1d7005c6fecc20f43d50773a8ab0  2009.0/i586/ftp-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm
 4a670066b022ca0d1e780e535b5dad34  2009.0/i586/krb5-1.6.3-6.7mdv2009.0.i586.rpm
 27479079f1205258ebf1a95cde9c72c4  2009.0/i586/krb5-server-1.6.3-6.7mdv2009.0.i586.rpm
 2b8bc1f146ae12947eb0d66571e71b6c  2009.0/i586/krb5-workstation-1.6.3-6.7mdv2009.0.i586.rpm
 19fdf51bf9e901e42f59ca9e6e98f467  2009.0/i586/libkrb53-1.6.3-6.7mdv2009.0.i586.rpm
 d605d6a2482a43395f7099900bff82f2  2009.0/i586/libkrb53-devel-1.6.3-6.7mdv2009.0.i586.rpm
 462f1389fe4095a4c4f0f6207672f2f3  2009.0/i586/telnet-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm
 296db9f5769dde078cb94e6e0d82095a  2009.0/i586/telnet-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm 
 2bad38c6316246a6dc19064862355946  2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 874d1f1e9d08f0fd037dafb02f27e25a  2009.0/x86_64/ftp-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
 809e11d3f613310a554cc410b265340a  2009.0/x86_64/ftp-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
 1cba00d3b76c822327e475f65b8eb297  2009.0/x86_64/krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
 2cec696b37dca1c6838f22e6d15be960  2009.0/x86_64/krb5-server-1.6.3-6.7mdv2009.0.x86_64.rpm
 2e5224b06920992dd089155524f59a84  2009.0/x86_64/krb5-workstation-1.6.3-6.7mdv2009.0.x86_64.rpm
 cc71b41dd2694b64ae0bd0a29f5901ae  2009.0/x86_64/lib64krb53-1.6.3-6.7mdv2009.0.x86_64.rpm
 570353d6ce78ce9df326002439caec90  2009.0/x86_64/lib64krb53-devel-1.6.3-6.7mdv2009.0.x86_64.rpm
 fac2a3ec4699ea5468edd525581c176c  2009.0/x86_64/telnet-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
 c6101ff519432a473fe54813dee91920  2009.0/x86_64/telnet-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm 
 2bad38c6316246a6dc19064862355946  2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 d5b2da171f65a6b7ac3e60e01e4d1712  2010.0/i586/ftp-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm
 27ae96d163768f10187a40eca4f754d2  2010.0/i586/ftp-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm
 498c4f101072718c07c2b7639d9d814d  2010.0/i586/krb5-1.6.3-10.5mdv2010.0.i586.rpm
 afdbc93b50cb27f0cede08efc9e3bc61  2010.0/i586/krb5-server-1.6.3-10.5mdv2010.0.i586.rpm
 6f8b0b82cb75fdf87f25eb123a65fdcf  2010.0/i586/krb5-workstation-1.6.3-10.5mdv2010.0.i586.rpm
 4273fddffc5937d7b026051eb7078a6d  2010.0/i586/libkrb53-1.6.3-10.5mdv2010.0.i586.rpm
 65b924acbef7b5c7d1c5cfee4b050f89  2010.0/i586/libkrb53-devel-1.6.3-10.5mdv2010.0.i586.rpm
 1c2d6cbdcffb7a34fb8ad3771d5ca037  2010.0/i586/telnet-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm
 3b562494dcadb73e4b92ce1f3e028c82  2010.0/i586/telnet-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm 
 ba422d1791aa61edbd91c90e544e216b  2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 893e5137d26a641a661495f8faa9d0f5  2010.0/x86_64/ftp-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
 086f6d9a7614e866c813da5d3d92fde7  2010.0/x86_64/ftp-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
 3402310b1f1717057f09ee11985d4aa6  2010.0/x86_64/krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
 e0ec3c4ef7ac973fa938152aaaf53a29  2010.0/x86_64/krb5-server-1.6.3-10.5mdv2010.0.x86_64.rpm
 499e66ced99df6f4bc037abccb80e025  2010.0/x86_64/krb5-workstation-1.6.3-10.5mdv2010.0.x86_64.rpm
 125db3395bdf7efeaccf1316e6ed82d3  2010.0/x86_64/lib64krb53-1.6.3-10.5mdv2010.0.x86_64.rpm
 e76d507737e1f700a1525465e0521ddd  2010.0/x86_64/lib64krb53-devel-1.6.3-10.5mdv2010.0.x86_64.rpm
 445d12b6d5a017d1d7be171c405177e6  2010.0/x86_64/telnet-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
 4f70e288a102af2b67738fad436715fc  2010.0/x86_64/telnet-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm 
 ba422d1791aa61edbd91c90e544e216b  2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNUo9BmqjQ0CJFipgRAmMoAKDFB46juPm6JexkKwC8TD5inxiIrQCfRra9
+o6dlSIfW5r4AX2DNw/cjdA=
=R4xv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ