drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in krb5
| Name: |
Denial of Service in krb5 |
|
| ID: |
MDVSA-2013:275 |
|
| Distribution: |
Mandriva |
|
| Plattformen: |
Mandriva Enterprise Server 5.0, Mandriva Business Server 1.0 |
|
| Datum: |
Fr, 22. November 2013, 06:38 |
|
| Referenzen: |
http://advisories.mageia.org/MGASA-2013-0335.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418 |
|
| Applikationen: |
MIT Kerberos |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1385039253-2618-31
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:275
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : November 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Updated krb5 package fixes security vulnerabily:
If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing
the KDC. This can be triggered by an unauthenticated user
(CVE-2013-1418).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
http://advisories.mageia.org/MGASA-2013-0335.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
c6e2a12f9334c9b0861f738e309ef21c mes5/i586/krb5-1.8.1-0.12mdvmes5.2.i586.rpm
099870aeac2424420be5a47718443e88
mes5/i586/krb5-pkinit-openssl-1.8.1-0.12mdvmes5.2.i586.rpm
f683b619aed5b347c7d6b92070a86b77
mes5/i586/krb5-server-1.8.1-0.12mdvmes5.2.i586.rpm
369a1ac36bd88019c207aa1982f50753
mes5/i586/krb5-server-ldap-1.8.1-0.12mdvmes5.2.i586.rpm
b303c5a842bc235c64cf1521e905bf4e
mes5/i586/krb5-workstation-1.8.1-0.12mdvmes5.2.i586.rpm
24b5128661cb61497a8965abfc1b0e43
mes5/i586/libkrb53-1.8.1-0.12mdvmes5.2.i586.rpm
f5dba26c5fdf746de303591346b8de63
mes5/i586/libkrb53-devel-1.8.1-0.12mdvmes5.2.i586.rpm
56849bc96afd72468707d055d286ce0a mes5/SRPMS/krb5-1.8.1-0.12mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
aaf04d799c2bb6e9bac4dc9f0c24ba99
mes5/x86_64/krb5-1.8.1-0.12mdvmes5.2.x86_64.rpm
29b3214d94a789911404d03a1e176403
mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.12mdvmes5.2.x86_64.rpm
46ffafde92974ccc43501486b53028db
mes5/x86_64/krb5-server-1.8.1-0.12mdvmes5.2.x86_64.rpm
1ad22a59ef287c424f6eaae5cc891365
mes5/x86_64/krb5-server-ldap-1.8.1-0.12mdvmes5.2.x86_64.rpm
63aa45265bc290f807cf14d4aa43843f
mes5/x86_64/krb5-workstation-1.8.1-0.12mdvmes5.2.x86_64.rpm
c884dcc1f33f1f802c2d8cee153cea85
mes5/x86_64/lib64krb53-1.8.1-0.12mdvmes5.2.x86_64.rpm
ff88b48603330887ddf7d7c732600a7e
mes5/x86_64/lib64krb53-devel-1.8.1-0.12mdvmes5.2.x86_64.rpm
56849bc96afd72468707d055d286ce0a mes5/SRPMS/krb5-1.8.1-0.12mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
76b585b948b99099d7f4176af973f0fd mbs1/x86_64/krb5-1.9.2-3.4.mbs1.x86_64.rpm
1081705b0e90cf301fe6a709d5f3661f
mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.4.mbs1.x86_64.rpm
dc28a054d134b3c74d5de881407e8391
mbs1/x86_64/krb5-server-1.9.2-3.4.mbs1.x86_64.rpm
006ede11ef91663f9f03a270110db97a
mbs1/x86_64/krb5-server-ldap-1.9.2-3.4.mbs1.x86_64.rpm
a86c414f752c1a663a304d8151116d02
mbs1/x86_64/krb5-workstation-1.9.2-3.4.mbs1.x86_64.rpm
d1fac5ab68f0f8df723d9d83abcfef78
mbs1/x86_64/lib64krb53-1.9.2-3.4.mbs1.x86_64.rpm
1ec050aa3173941d0e4dbdb501085315
mbs1/x86_64/lib64krb53-devel-1.9.2-3.4.mbs1.x86_64.rpm
fb6fa067fd8857905b0433d366470c15 mbs1/SRPMS/krb5-1.9.2-3.4.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSjdSRmqjQ0CJFipgRAvYCAKDOR+UvyukA+sBAuu1ZOHax2R2hhwCfWZbu
zrWz2FmnSu0pcKLe+wofc0s=
=fank
-----END PGP SIGNATURE-----
------------=_1385039253-2618-31
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________
------------=_1385039253-2618-31--
|
|
|
|
