Package name
krb5
Date
2013-04-30
Advisory ID
MDVSA-2013:158
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in krb5:

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not
properly perform service-principal realm referral, which allows
remote authenticated users to cause a denial of service (NULL
pointer dereference and daemon crash) via a crafted TGS-REQ request
(CVE-2013-1416).

The updated packages have been patched to correct this issue.

Updated packages

MBS1 x86_64

 a5cc93b1d14c7cee5598a597614ac059  mbs1/x86_64/krb5-1.9.2-3.2.mbs1.x86_64.rpm
 15a9332ef3c0551e1ee5bd44b94c519f  mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.2.mbs1.x86_64.rpm
 4623151b5610336a738812c2a3669c03  mbs1/x86_64/krb5-server-1.9.2-3.2.mbs1.x86_64.rpm
 1b3886f11763a485d02427a0a20610ae  mbs1/x86_64/krb5-server-ldap-1.9.2-3.2.mbs1.x86_64.rpm
 d31d4dfa8efedc4882e9c5bbd6545ca7  mbs1/x86_64/krb5-workstation-1.9.2-3.2.mbs1.x86_64.rpm
 ed22ef65fff912a3fc43f8e420999d9a  mbs1/x86_64/lib64krb53-1.9.2-3.2.mbs1.x86_64.rpm
 53c7f6143291f3babfdb34689dedb940  mbs1/x86_64/lib64krb53-devel-1.9.2-3.2.mbs1.x86_64.rpm 
 39256166cb6f0563533942345c637d47  mbs1/SRPMS/krb5-1.9.2-3.2.mbs1.src.rpm

References