MDVSA-2010:005
- Nom du paquet
- krb5
- Date
- 2010-01-13
- Advisory ID
- MDVSA-2010:005
- Affected versions
- MNF2.0 i586
Problem description
Multiple vulnerabilities has been found and corrected in krb5:
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in
the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before
1.6.4 allows remote attackers to cause a denial of service (daemon
crash) or possibly execute arbitrary code via vectors involving an
invalid DER encoding that triggers a free of an uninitialized pointer
(CVE-2009-0846).
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
(aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
cause a denial of service (application crash) via a crafted length
value that triggers an erroneous malloc call, related to incorrect
calculations with pointer arithmetic (CVE-2009-0847).
The updated packages have been patched to correct these issues.
Updated packages
MNF2.0 i586
89a9a2ea150c9a935ef6aae518f9bc6a mnf/2.0/i586/ftp-client-krb5-1.3-6.11.M20mdk.i586.rpm 50547a6dcfd037ebd10222b4c25954bc mnf/2.0/i586/ftp-server-krb5-1.3-6.11.M20mdk.i586.rpm 7ebbbd6d7374bebdff12ab28da4f3a12 mnf/2.0/i586/krb5-server-1.3-6.11.M20mdk.i586.rpm d2f2265f0d9b68df799dc82fadda5887 mnf/2.0/i586/krb5-workstation-1.3-6.11.M20mdk.i586.rpm 3a467a675f59c3f8ea6778290abebaf6 mnf/2.0/i586/libkrb51-1.3-6.11.M20mdk.i586.rpm 02601a40f77c526174e26667daf63cc2 mnf/2.0/i586/libkrb51-devel-1.3-6.11.M20mdk.i586.rpm 43eaff29e6cd398c0b6cdb9dcdf28b74 mnf/2.0/i586/telnet-client-krb5-1.3-6.11.M20mdk.i586.rpm 99b454ab3a0b20cae15da89ae69aa423 mnf/2.0/i586/telnet-server-krb5-1.3-6.11.M20mdk.i586.rpm 55029456c5057afbe7b344a265d2e53a mnf/2.0/SRPMS/krb5-1.3-6.11.M20mdk.src.rpm