lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Sn94i-0006er-O5@titan.mandriva.com>
Date: Fri, 06 Jul 2012 16:00:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:102 ] krb5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:102
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : July 6, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in krb5:
 
 Fix a kadmind denial of service issue (null pointer dereference),
 which could only be triggered by an administrator with the create
 privilege (CVE-2012-1013).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 1175a2115b82a645413fcabe5cb71f70  2010.1/i586/krb5-1.8.1-5.7mdv2010.2.i586.rpm
 e5ac2389b258577b59514a7a16063227  2010.1/i586/krb5-pkinit-openssl-1.8.1-5.7mdv2010.2.i586.rpm
 8ee366b386f58a5f29ad28890e3b3413  2010.1/i586/krb5-server-1.8.1-5.7mdv2010.2.i586.rpm
 a6b3a278f170057a70e046023f18c155  2010.1/i586/krb5-server-ldap-1.8.1-5.7mdv2010.2.i586.rpm
 5aa836c1da611a4cd8f095bdd5b28717  2010.1/i586/krb5-workstation-1.8.1-5.7mdv2010.2.i586.rpm
 11dc88b663661efa1132797f9c05761d  2010.1/i586/libkrb53-1.8.1-5.7mdv2010.2.i586.rpm
 0dcb87015e7bd3e96800aadcab29bba5  2010.1/i586/libkrb53-devel-1.8.1-5.7mdv2010.2.i586.rpm 
 052b607d6ea19fd3d66b84a75c04f7e6  2010.1/SRPMS/krb5-1.8.1-5.7mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 68805dbdfdde01d47d8fc27ab895144e  2010.1/x86_64/krb5-1.8.1-5.7mdv2010.2.x86_64.rpm
 989661661a97f251545f5ee808a314c6  2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.7mdv2010.2.x86_64.rpm
 6aa59d2c09d12e1a720bc474a0eeeaaf  2010.1/x86_64/krb5-server-1.8.1-5.7mdv2010.2.x86_64.rpm
 c3337bb7d19cb6aa706c44902eb0d2ec  2010.1/x86_64/krb5-server-ldap-1.8.1-5.7mdv2010.2.x86_64.rpm
 84f2946439c82482844f6e0893ce19f1  2010.1/x86_64/krb5-workstation-1.8.1-5.7mdv2010.2.x86_64.rpm
 60299d66703a7112f11a2663fc09edcf  2010.1/x86_64/lib64krb53-1.8.1-5.7mdv2010.2.x86_64.rpm
 6bea584af11149070818f884f5d312b6  2010.1/x86_64/lib64krb53-devel-1.8.1-5.7mdv2010.2.x86_64.rpm 
 052b607d6ea19fd3d66b84a75c04f7e6  2010.1/SRPMS/krb5-1.8.1-5.7mdv2010.2.src.rpm

 Mandriva Linux 2011:
 a8d4bd01471bba983f8a0110d3710716  2011/i586/krb5-1.9.1-1.3-mdv2011.0.i586.rpm
 efb2ea866b62de3ae05d1f3b7ec215da  2011/i586/krb5-pkinit-openssl-1.9.1-1.3-mdv2011.0.i586.rpm
 2403bc6016e27189a5b1279b9fa36a91  2011/i586/krb5-server-1.9.1-1.3-mdv2011.0.i586.rpm
 ad5d818c9346d69db175291a1c089056  2011/i586/krb5-server-ldap-1.9.1-1.3-mdv2011.0.i586.rpm
 226bc0f073d3a6cbf8045c49f0afbe14  2011/i586/krb5-workstation-1.9.1-1.3-mdv2011.0.i586.rpm
 acf3849720c9cc90246fb5c171b2af67  2011/i586/libkrb53-1.9.1-1.3-mdv2011.0.i586.rpm
 b5592a358e88d5330dffcd2784f113db  2011/i586/libkrb53-devel-1.9.1-1.3-mdv2011.0.i586.rpm 
 8444bf31b0ddf8ad23768d79bf69a2a8  2011/SRPMS/krb5-1.9.1-1.3.src.rpm

 Mandriva Linux 2011/X86_64:
 8e2cb70c3064945a5bb01e946b93720a  2011/x86_64/krb5-1.9.1-1.3-mdv2011.0.x86_64.rpm
 8df8bb54172a0070ad770a2bf97d1c74  2011/x86_64/krb5-pkinit-openssl-1.9.1-1.3-mdv2011.0.x86_64.rpm
 c4ad3af421de33b7d330d340d0556f91  2011/x86_64/krb5-server-1.9.1-1.3-mdv2011.0.x86_64.rpm
 545fc63143f4e45639908a39f49c1f40  2011/x86_64/krb5-server-ldap-1.9.1-1.3-mdv2011.0.x86_64.rpm
 531353da8c826397adab7a902d577ed2  2011/x86_64/krb5-workstation-1.9.1-1.3-mdv2011.0.x86_64.rpm
 f64777b5ff24e62a3faae65161fc7102  2011/x86_64/lib64krb53-1.9.1-1.3-mdv2011.0.x86_64.rpm
 f5f700c716fd7c62c4a7cc44ca5aca13  2011/x86_64/lib64krb53-devel-1.9.1-1.3-mdv2011.0.x86_64.rpm 
 8444bf31b0ddf8ad23768d79bf69a2a8  2011/SRPMS/krb5-1.9.1-1.3.src.rpm

 Mandriva Enterprise Server 5:
 98fa3187ade33c8dcc63604c6ebc02ce  mes5/i586/krb5-1.8.1-0.8mdvmes5.2.i586.rpm
 b509b9b7b2138a6e9b058bb991e1d6e2  mes5/i586/krb5-pkinit-openssl-1.8.1-0.8mdvmes5.2.i586.rpm
 3ba432fe4f3c1ae79146d44241002551  mes5/i586/krb5-server-1.8.1-0.8mdvmes5.2.i586.rpm
 330e1002801b9d21d1b8d3bae8ba860c  mes5/i586/krb5-server-ldap-1.8.1-0.8mdvmes5.2.i586.rpm
 fec59596107996bffaede76be60621de  mes5/i586/krb5-workstation-1.8.1-0.8mdvmes5.2.i586.rpm
 5ae5bdbee59e6367406648ca3bd2933a  mes5/i586/libkrb53-1.8.1-0.8mdvmes5.2.i586.rpm
 9b2904fc426a312f7a1e9c9afc58a26c  mes5/i586/libkrb53-devel-1.8.1-0.8mdvmes5.2.i586.rpm 
 f57f14346425b502ee0a10fc2faaa3c6  mes5/SRPMS/krb5-1.8.1-0.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bcb24a17293d01d0c393a1c95074d2c8  mes5/x86_64/krb5-1.8.1-0.8mdvmes5.2.x86_64.rpm
 3ddf8eed66107c373a412faf5715e824  mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.8mdvmes5.2.x86_64.rpm
 8b43725a277670421b3b1b0bba3e8dac  mes5/x86_64/krb5-server-1.8.1-0.8mdvmes5.2.x86_64.rpm
 4ef2f93d362b930f5f7970ef64578b1c  mes5/x86_64/krb5-server-ldap-1.8.1-0.8mdvmes5.2.x86_64.rpm
 f4aaa95f71a326a650113a425bd3fe80  mes5/x86_64/krb5-workstation-1.8.1-0.8mdvmes5.2.x86_64.rpm
 2e055df16c60cfdd456ec0dd80dc3246  mes5/x86_64/lib64krb53-1.8.1-0.8mdvmes5.2.x86_64.rpm
 3dad4c1c066a22eae7931bb40cf59833  mes5/x86_64/lib64krb53-devel-1.8.1-0.8mdvmes5.2.x86_64.rpm 
 f57f14346425b502ee0a10fc2faaa3c6  mes5/SRPMS/krb5-1.8.1-0.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP9sD7mqjQ0CJFipgRAls6AJ9atdFYwXSfo6wpuo//Jrx9qfAFvQCgnn9w
n1HVs0rIYS+NV6s3DemhTfM=
=S/BX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ