ELSA-2010-0343

Опубликовано: 08 апр. 2010

Источник: oracle-oval

Платформа: Oracle Linux 5

Описание

ELSA-2010-0343: krb5 security and bug fix update (IMPORTANT)

[1.6.1-36.el5_5.3]

add upstream patch to fix a few use-after-free bugs, including one in kadmind (CVE-2010-0629, #578185)

[1.6.1-36.el5_5.2]

pull changes to libkrb5 to properly handle and chase off-path referrals back from 1.7 (#574387)

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

krb5-devel

1.6.1-36.el5_5.2

krb5-libs

1.6.1-36.el5_5.2

krb5-server

1.6.1-36.el5_5.2

krb5-workstation

1.6.1-36.el5_5.2

Oracle Linux x86_64

krb5-devel

1.6.1-36.el5_5.2

krb5-libs

1.6.1-36.el5_5.2

krb5-server

1.6.1-36.el5_5.2

krb5-workstation

1.6.1-36.el5_5.2

Oracle Linux i386

krb5-devel

1.6.1-36.el5_5.2

krb5-libs

1.6.1-36.el5_5.2

krb5-server

1.6.1-36.el5_5.2

krb5-workstation

1.6.1-36.el5_5.2

Связанные CVE

CVE-2010-0629

Ссылки на источники

Связанные уязвимости

CVE-2010-0629

CVSS3: 6.5

ubuntu

около 15 лет назад

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.