Nom du paquet
krb5
Date
2013-04-30
Advisory ID
MDVSA-2013:157
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in krb5:

The pkinit_check_kdc_pkid function in
plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT
implementation in the Key Distribution Center (KDC) in MIT Kerberos
5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not
properly handle errors during extraction of fields from an X.509
certificate, which allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via a malformed
KRB5_PADATA_PK_AS_REQ AS-REQ request (CVE-2013-1415).

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not
properly perform service-principal realm referral, which allows
remote authenticated users to cause a denial of service (NULL
pointer dereference and daemon crash) via a crafted TGS-REQ request
(CVE-2013-1416).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 b0468b389b1e175acf762a21823aa870  mes5/i586/krb5-1.8.1-0.10mdvmes5.2.i586.rpm
 f6f34e48c32e7372262387ee0f8a6d6d  mes5/i586/krb5-pkinit-openssl-1.8.1-0.10mdvmes5.2.i586.rpm
 49f04f126409a7c7524dd84bd576513a  mes5/i586/krb5-server-1.8.1-0.10mdvmes5.2.i586.rpm
 763e9df7e32acdf9036e835822ddd337  mes5/i586/krb5-server-ldap-1.8.1-0.10mdvmes5.2.i586.rpm
 ab890e3c1524d97c930f3878437893ee  mes5/i586/krb5-workstation-1.8.1-0.10mdvmes5.2.i586.rpm
 fa03c5d3e3672d61acd9ae43c610e015  mes5/i586/libkrb53-1.8.1-0.10mdvmes5.2.i586.rpm
 7b4d78d59d007dbe82d8827999e2ddc5  mes5/i586/libkrb53-devel-1.8.1-0.10mdvmes5.2.i586.rpm 
 d3630020107ecd02a73e7f329db767bf  mes5/SRPMS/krb5-1.8.1-0.10mdvmes5.2.src.rpm

MES5 x86_64

 eb2e6ec461ee09d091851697b40e3b2c  mes5/x86_64/krb5-1.8.1-0.10mdvmes5.2.x86_64.rpm
 6c583fdc171bc22d8dde7a424f025d3a  mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.10mdvmes5.2.x86_64.rpm
 e83a30d3f387d251b319008c03f2e3b6  mes5/x86_64/krb5-server-1.8.1-0.10mdvmes5.2.x86_64.rpm
 2834b0d57d3a6736f70673c2db4d8e59  mes5/x86_64/krb5-server-ldap-1.8.1-0.10mdvmes5.2.x86_64.rpm
 f69261c7cad2c08af623c3551da65255  mes5/x86_64/krb5-workstation-1.8.1-0.10mdvmes5.2.x86_64.rpm
 8944f84aa13359ee37be6222857b8fae  mes5/x86_64/lib64krb53-1.8.1-0.10mdvmes5.2.x86_64.rpm
 5348e078ac132dac87fd6a124c60e41f  mes5/x86_64/lib64krb53-devel-1.8.1-0.10mdvmes5.2.x86_64.rpm 
 d3630020107ecd02a73e7f329db767bf  mes5/SRPMS/krb5-1.8.1-0.10mdvmes5.2.src.rpm

References