MDVSA-2011:184
- Package name
- krb5
- Date
- 2011-12-12
- Advisory ID
- MDVSA-2011:184
- Affected versions
- 2011 i586 , 2011 x86_64
Problem description
A vulnerability has been discovered and corrected in krb5:
The process_tgs_req function in do_tgs_req.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows
remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) via a crafted TGS request that triggers
an error other than the KRB5_KDB_NOENTRY error (CVE-2011-1530).
The updated packages have been patched to correct this issue.
Updated packages
2011 i586
54a83cd6cdbc7f0d8c6a42294bc113b9 2011/i586/krb5-1.9.1-1.2-mdv2011.0.i586.rpm c31913958d5883a6dbc0325704cc39fa 2011/i586/krb5-pkinit-openssl-1.9.1-1.2-mdv2011.0.i586.rpm 946695d8f81db41d8d96dc7f042f7b5a 2011/i586/krb5-server-1.9.1-1.2-mdv2011.0.i586.rpm 8d4c45656dee7a304c2949b310e4ac15 2011/i586/krb5-server-ldap-1.9.1-1.2-mdv2011.0.i586.rpm 793a023ecb27c0da74fd5ce2d427f313 2011/i586/krb5-workstation-1.9.1-1.2-mdv2011.0.i586.rpm 21adde2be479d0d88cc4d4b4ccdc830f 2011/i586/libkrb53-1.9.1-1.2-mdv2011.0.i586.rpm 2e6fccb5bd6d4952760ea9f775cbc82f 2011/i586/libkrb53-devel-1.9.1-1.2-mdv2011.0.i586.rpm 969f9571e81879d930765641058a36d7 2011/SRPMS/krb5-1.9.1-1.2.src.rpm
2011 x86_64
2c955a204331355400fbb314916e08c3 2011/x86_64/krb5-1.9.1-1.2-mdv2011.0.x86_64.rpm 96830217b39f95a75c4595bad116b767 2011/x86_64/krb5-pkinit-openssl-1.9.1-1.2-mdv2011.0.x86_64.rpm 1fda8cc8c58d6b7676fda754cc94fee8 2011/x86_64/krb5-server-1.9.1-1.2-mdv2011.0.x86_64.rpm d96a439614ec95f1382b617ce1d8fa26 2011/x86_64/krb5-server-ldap-1.9.1-1.2-mdv2011.0.x86_64.rpm 5bedc418631830dbe231dffa7fe95f69 2011/x86_64/krb5-workstation-1.9.1-1.2-mdv2011.0.x86_64.rpm be039c2f29add507c55fa24e67f151ce 2011/x86_64/lib64krb53-1.9.1-1.2-mdv2011.0.x86_64.rpm bafc29ad3c0bc69293b06742743dc915 2011/x86_64/lib64krb53-devel-1.9.1-1.2-mdv2011.0.x86_64.rpm 969f9571e81879d930765641058a36d7 2011/SRPMS/krb5-1.9.1-1.2.src.rpm