Description
ELSA-2014-1245: krb5 security and bug fix update (MODERATE)
[1.6.1-78.el5]
- gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121509)
[1.6.1-77.el5]
- fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341
[1.6.1-76.el5]
- run the backported self-tests, such as they are, for CVE-2014-4341
[1.6.1-75.el5]
- pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, #1121509)
[1.6.1-74.el5]
- add patch based on one from Filip Krska to not call poll() with a negative timeout when the caller's intent is for us to just stop calling it (#1089732)
[1.6.1-73.el5]
- incorporate backported upstream patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800,
[1.6.1-72.el5]
- add part-backported fix to avoid possible use-after-free when encrypting delegated creds (Jatin Nansi, #1004632)
Updated packages
Oracle Linux 5
Oracle Linux ia64
krb5-devel 1.6.1-78.el5
krb5-libs 1.6.1-78.el5
krb5-server 1.6.1-78.el5
krb5-server-ldap 1.6.1-78.el5
krb5-workstation 1.6.1-78.el5
Oracle Linux x86_64
krb5-devel 1.6.1-78.el5
krb5-libs 1.6.1-78.el5
krb5-server 1.6.1-78.el5
krb5-server-ldap 1.6.1-78.el5
krb5-workstation 1.6.1-78.el5
Oracle Linux i386
krb5-devel 1.6.1-78.el5
krb5-libs 1.6.1-78.el5
krb5-server 1.6.1-78.el5
krb5-server-ldap 1.6.1-78.el5
krb5-workstation 1.6.1-78.el5
Related CVEs
Related vulnerabilities
ELSA-2014-1389: krb5 security and bug fix update (MODERATE)
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.