Package name
krb5
Date
2009-03-30
Advisory ID
MDVSA-2009:082
Affected versions
2009.0 x86_64, 2008.0 i586, 2009.0 i586, 2008.0 x86_64, 2008.1 x86_64, 2008.1 i586

Problem description

The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3,
when SPNEGO is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via invalid
ContextFlags data in the reqFlags field in a negTokenInit token
(CVE-2009-0845).

This update provides the fix for that security issue.

