Login
Newsletter
Werbung

Sicherheit: Denial of Service in krb5
Aktuelle Meldungen Distributionen
Name: Denial of Service in krb5
ID: FEDORA-2011-16296
Distribution: Fedora
Plattformen: Fedora 16
Datum: Di, 13. Dezember 2011, 07:03
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530
Applikationen: krb5

Originalnachricht

Name        : krb5
Product : Fedora 16
Version : 1.9.2
Release : 4.fc16
URL : http://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

-------------------------------------------------------------------------------
-
Update Information:

This update rebases Fedora 15 and 16 from version 1.9.1 to version 1.9.2,
incorporating a recent security update, and some of the fixes we were previously backporting, among others. It also incorporates fixes for null pointer dereferences which the KDC could make while processing TGS requests (CVE-2011-1530).
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Dec 6 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.2-4
- apply upstream patch to fix a null pointer dereference when processing
TGS requests (CVE-2011-1530, #753748)
* Wed Nov 30 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.2-3
- correct a bug in the fix for #754001 so that the file creation context is
consistently reset
* Tue Nov 22 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.2-2
- pull patch from trunk so that when computing an HMAC, we don't assume
that
the HMAC output size is the same as the input key length (RT#6994, #756139)
* Tue Nov 15 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.2-1
- update to 1.9.2, incorporating the recent security update and some of the
things we were previously backporting, among other fixes
* Tue Nov 15 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-19
- selinux: reset the creation context properly after expunging replay caches
if they were previously set to the default value (#754001)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #754001 - ssh_selinux_change_context: setcon failed with Invalid
argument (openssh, krb5)
https://bugzilla.redhat.com/show_bug.cgi?id=754001
[ 2 ] Bug #756139 - krb5_pac_verify() fail with AES keys
https://bugzilla.redhat.com/show_bug.cgi?id=756139
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung