Paketname
krb5
Datum
2011-12-12
Advisory ID
MDVSA-2011:184
Betroffene Versionen
2011 i586 , 2011 x86_64

Problembeschreibung

A vulnerability has been discovered and corrected in krb5:

The process_tgs_req function in do_tgs_req.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows
remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) via a crafted TGS request that triggers
an error other than the KRB5_KDB_NOENTRY error (CVE-2011-1530).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2011 i586

 54a83cd6cdbc7f0d8c6a42294bc113b9  2011/i586/krb5-1.9.1-1.2-mdv2011.0.i586.rpm
 c31913958d5883a6dbc0325704cc39fa  2011/i586/krb5-pkinit-openssl-1.9.1-1.2-mdv2011.0.i586.rpm
 946695d8f81db41d8d96dc7f042f7b5a  2011/i586/krb5-server-1.9.1-1.2-mdv2011.0.i586.rpm
 8d4c45656dee7a304c2949b310e4ac15  2011/i586/krb5-server-ldap-1.9.1-1.2-mdv2011.0.i586.rpm
 793a023ecb27c0da74fd5ce2d427f313  2011/i586/krb5-workstation-1.9.1-1.2-mdv2011.0.i586.rpm
 21adde2be479d0d88cc4d4b4ccdc830f  2011/i586/libkrb53-1.9.1-1.2-mdv2011.0.i586.rpm
 2e6fccb5bd6d4952760ea9f775cbc82f  2011/i586/libkrb53-devel-1.9.1-1.2-mdv2011.0.i586.rpm 
 969f9571e81879d930765641058a36d7  2011/SRPMS/krb5-1.9.1-1.2.src.rpm

2011 x86_64

 2c955a204331355400fbb314916e08c3  2011/x86_64/krb5-1.9.1-1.2-mdv2011.0.x86_64.rpm
 96830217b39f95a75c4595bad116b767  2011/x86_64/krb5-pkinit-openssl-1.9.1-1.2-mdv2011.0.x86_64.rpm
 1fda8cc8c58d6b7676fda754cc94fee8  2011/x86_64/krb5-server-1.9.1-1.2-mdv2011.0.x86_64.rpm
 d96a439614ec95f1382b617ce1d8fa26  2011/x86_64/krb5-server-ldap-1.9.1-1.2-mdv2011.0.x86_64.rpm
 5bedc418631830dbe231dffa7fe95f69  2011/x86_64/krb5-workstation-1.9.1-1.2-mdv2011.0.x86_64.rpm
 be039c2f29add507c55fa24e67f151ce  2011/x86_64/lib64krb53-1.9.1-1.2-mdv2011.0.x86_64.rpm
 bafc29ad3c0bc69293b06742743dc915  2011/x86_64/lib64krb53-devel-1.9.1-1.2-mdv2011.0.x86_64.rpm 
 969f9571e81879d930765641058a36d7  2011/SRPMS/krb5-1.9.1-1.2.src.rpm

Referenzen