[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PnCh3-00006J-E1@titan.mandriva.com>
Date: Wed, 09 Feb 2011 17:15:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:024 ] krb5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:024
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : January 9, 2011
Affected: 2009.0, 2010.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in krb5:
The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
to denial of service attacks from unauthenticated remote attackers
(CVE-2011-0281, CVE-2011-0282).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
a19b45095a4c3a3325a23a98c9b62123 2009.0/i586/ftp-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm
62ee1d7005c6fecc20f43d50773a8ab0 2009.0/i586/ftp-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm
4a670066b022ca0d1e780e535b5dad34 2009.0/i586/krb5-1.6.3-6.7mdv2009.0.i586.rpm
27479079f1205258ebf1a95cde9c72c4 2009.0/i586/krb5-server-1.6.3-6.7mdv2009.0.i586.rpm
2b8bc1f146ae12947eb0d66571e71b6c 2009.0/i586/krb5-workstation-1.6.3-6.7mdv2009.0.i586.rpm
19fdf51bf9e901e42f59ca9e6e98f467 2009.0/i586/libkrb53-1.6.3-6.7mdv2009.0.i586.rpm
d605d6a2482a43395f7099900bff82f2 2009.0/i586/libkrb53-devel-1.6.3-6.7mdv2009.0.i586.rpm
462f1389fe4095a4c4f0f6207672f2f3 2009.0/i586/telnet-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm
296db9f5769dde078cb94e6e0d82095a 2009.0/i586/telnet-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm
2bad38c6316246a6dc19064862355946 2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
874d1f1e9d08f0fd037dafb02f27e25a 2009.0/x86_64/ftp-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
809e11d3f613310a554cc410b265340a 2009.0/x86_64/ftp-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
1cba00d3b76c822327e475f65b8eb297 2009.0/x86_64/krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
2cec696b37dca1c6838f22e6d15be960 2009.0/x86_64/krb5-server-1.6.3-6.7mdv2009.0.x86_64.rpm
2e5224b06920992dd089155524f59a84 2009.0/x86_64/krb5-workstation-1.6.3-6.7mdv2009.0.x86_64.rpm
cc71b41dd2694b64ae0bd0a29f5901ae 2009.0/x86_64/lib64krb53-1.6.3-6.7mdv2009.0.x86_64.rpm
570353d6ce78ce9df326002439caec90 2009.0/x86_64/lib64krb53-devel-1.6.3-6.7mdv2009.0.x86_64.rpm
fac2a3ec4699ea5468edd525581c176c 2009.0/x86_64/telnet-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
c6101ff519432a473fe54813dee91920 2009.0/x86_64/telnet-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
2bad38c6316246a6dc19064862355946 2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm
Mandriva Linux 2010.0:
d5b2da171f65a6b7ac3e60e01e4d1712 2010.0/i586/ftp-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm
27ae96d163768f10187a40eca4f754d2 2010.0/i586/ftp-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm
498c4f101072718c07c2b7639d9d814d 2010.0/i586/krb5-1.6.3-10.5mdv2010.0.i586.rpm
afdbc93b50cb27f0cede08efc9e3bc61 2010.0/i586/krb5-server-1.6.3-10.5mdv2010.0.i586.rpm
6f8b0b82cb75fdf87f25eb123a65fdcf 2010.0/i586/krb5-workstation-1.6.3-10.5mdv2010.0.i586.rpm
4273fddffc5937d7b026051eb7078a6d 2010.0/i586/libkrb53-1.6.3-10.5mdv2010.0.i586.rpm
65b924acbef7b5c7d1c5cfee4b050f89 2010.0/i586/libkrb53-devel-1.6.3-10.5mdv2010.0.i586.rpm
1c2d6cbdcffb7a34fb8ad3771d5ca037 2010.0/i586/telnet-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm
3b562494dcadb73e4b92ce1f3e028c82 2010.0/i586/telnet-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm
ba422d1791aa61edbd91c90e544e216b 2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
893e5137d26a641a661495f8faa9d0f5 2010.0/x86_64/ftp-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
086f6d9a7614e866c813da5d3d92fde7 2010.0/x86_64/ftp-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
3402310b1f1717057f09ee11985d4aa6 2010.0/x86_64/krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
e0ec3c4ef7ac973fa938152aaaf53a29 2010.0/x86_64/krb5-server-1.6.3-10.5mdv2010.0.x86_64.rpm
499e66ced99df6f4bc037abccb80e025 2010.0/x86_64/krb5-workstation-1.6.3-10.5mdv2010.0.x86_64.rpm
125db3395bdf7efeaccf1316e6ed82d3 2010.0/x86_64/lib64krb53-1.6.3-10.5mdv2010.0.x86_64.rpm
e76d507737e1f700a1525465e0521ddd 2010.0/x86_64/lib64krb53-devel-1.6.3-10.5mdv2010.0.x86_64.rpm
445d12b6d5a017d1d7be171c405177e6 2010.0/x86_64/telnet-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
4f70e288a102af2b67738fad436715fc 2010.0/x86_64/telnet-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
ba422d1791aa61edbd91c90e544e216b 2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNUo9BmqjQ0CJFipgRAmMoAKDFB46juPm6JexkKwC8TD5inxiIrQCfRra9
+o6dlSIfW5r4AX2DNw/cjdA=
=R4xv
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists