[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VjTdw-00046q-UZ@titan.mandriva.com>
Date: Thu, 21 Nov 2013 13:46:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:275 ] krb5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:275
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : November 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Updated krb5 package fixes security vulnerabily:
If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing
the KDC. This can be triggered by an unauthenticated user
(CVE-2013-1418).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
http://advisories.mageia.org/MGASA-2013-0335.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
c6e2a12f9334c9b0861f738e309ef21c mes5/i586/krb5-1.8.1-0.12mdvmes5.2.i586.rpm
099870aeac2424420be5a47718443e88 mes5/i586/krb5-pkinit-openssl-1.8.1-0.12mdvmes5.2.i586.rpm
f683b619aed5b347c7d6b92070a86b77 mes5/i586/krb5-server-1.8.1-0.12mdvmes5.2.i586.rpm
369a1ac36bd88019c207aa1982f50753 mes5/i586/krb5-server-ldap-1.8.1-0.12mdvmes5.2.i586.rpm
b303c5a842bc235c64cf1521e905bf4e mes5/i586/krb5-workstation-1.8.1-0.12mdvmes5.2.i586.rpm
24b5128661cb61497a8965abfc1b0e43 mes5/i586/libkrb53-1.8.1-0.12mdvmes5.2.i586.rpm
f5dba26c5fdf746de303591346b8de63 mes5/i586/libkrb53-devel-1.8.1-0.12mdvmes5.2.i586.rpm
56849bc96afd72468707d055d286ce0a mes5/SRPMS/krb5-1.8.1-0.12mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
aaf04d799c2bb6e9bac4dc9f0c24ba99 mes5/x86_64/krb5-1.8.1-0.12mdvmes5.2.x86_64.rpm
29b3214d94a789911404d03a1e176403 mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.12mdvmes5.2.x86_64.rpm
46ffafde92974ccc43501486b53028db mes5/x86_64/krb5-server-1.8.1-0.12mdvmes5.2.x86_64.rpm
1ad22a59ef287c424f6eaae5cc891365 mes5/x86_64/krb5-server-ldap-1.8.1-0.12mdvmes5.2.x86_64.rpm
63aa45265bc290f807cf14d4aa43843f mes5/x86_64/krb5-workstation-1.8.1-0.12mdvmes5.2.x86_64.rpm
c884dcc1f33f1f802c2d8cee153cea85 mes5/x86_64/lib64krb53-1.8.1-0.12mdvmes5.2.x86_64.rpm
ff88b48603330887ddf7d7c732600a7e mes5/x86_64/lib64krb53-devel-1.8.1-0.12mdvmes5.2.x86_64.rpm
56849bc96afd72468707d055d286ce0a mes5/SRPMS/krb5-1.8.1-0.12mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
76b585b948b99099d7f4176af973f0fd mbs1/x86_64/krb5-1.9.2-3.4.mbs1.x86_64.rpm
1081705b0e90cf301fe6a709d5f3661f mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.4.mbs1.x86_64.rpm
dc28a054d134b3c74d5de881407e8391 mbs1/x86_64/krb5-server-1.9.2-3.4.mbs1.x86_64.rpm
006ede11ef91663f9f03a270110db97a mbs1/x86_64/krb5-server-ldap-1.9.2-3.4.mbs1.x86_64.rpm
a86c414f752c1a663a304d8151116d02 mbs1/x86_64/krb5-workstation-1.9.2-3.4.mbs1.x86_64.rpm
d1fac5ab68f0f8df723d9d83abcfef78 mbs1/x86_64/lib64krb53-1.9.2-3.4.mbs1.x86_64.rpm
1ec050aa3173941d0e4dbdb501085315 mbs1/x86_64/lib64krb53-devel-1.9.2-3.4.mbs1.x86_64.rpm
fb6fa067fd8857905b0433d366470c15 mbs1/SRPMS/krb5-1.9.2-3.4.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSjdSRmqjQ0CJFipgRAvYCAKDOR+UvyukA+sBAuu1ZOHax2R2hhwCfWZbu
zrWz2FmnSu0pcKLe+wofc0s=
=fank
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists