Description
ELSA-2011-0200: krb5 security update (IMPORTANT)
[1.8.2-3.4]
- add upstream patches to fix standalone kpropd exiting if the per-client child process exits with an error, and hang or crash in the KDC when using the LDAP kdb backend (CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, #671101)
[1.8.2-3.3]
- pull up crypto changes made between 1.8.2 and 1.8.3 to fix upstream #6751, assumed to already be there for the next fix
- incorporate candidate patch to fix various issues from MITKRB5-SA-2010-007 (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, #651962)
[1.8.2-3.2]
- fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #644825, RT#6775)
- fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #644825, RT#6774)
[1.8.2-3.1]
- incorporate candidate patch to fix uninitialized pointer crash in the KDC (CVE-2010-1322, #636336)
Updated packages
Oracle Linux 6
Oracle Linux x86_64
krb5-devel 1.8.2-3.el6_0.4
krb5-libs 1.8.2-3.el6_0.4
krb5-pkinit-openssl 1.8.2-3.el6_0.4
krb5-server 1.8.2-3.el6_0.4
krb5-server-ldap 1.8.2-3.el6_0.4
krb5-workstation 1.8.2-3.el6_0.4
Oracle Linux i686
krb5-devel 1.8.2-3.el6_0.4
krb5-libs 1.8.2-3.el6_0.4
krb5-pkinit-openssl 1.8.2-3.el6_0.4
krb5-server 1.8.2-3.el6_0.4
krb5-server-ldap 1.8.2-3.el6_0.4
krb5-workstation 1.8.2-3.el6_0.4
Source references
Related vulnerabilities
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.