ELSA-2016-2591

Опубликовано: 09 нояб. 2016

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2016-2591: krb5 security, bug fix, and enhancement update (LOW)

[1.14.1-26]

Use responder in non-preauth AS reqs
Resolves: #1363690

[1.14.1-25]

Fix bad debug_log() call in selinux handling
Resolves: #1292153

[1.14.1-24]

Fix KKDCPP with TLS SNI by always presenting 'Host:' header
Resolves: #1364993

[1.14.1-23]

Add dependency on libkadm5 to krb5-devel
Resolves: #1347403

[1.14.1-22]

Builders have new version of mock; adapt.
Resolves: #1290239

[1.14.1-21]

Fix CVE-2016-3120
Resolves: #1361504

[1.14.1-20]

Make version dependencies on libkadm5 more explicit to appease rpmdiff
Resolves: #1347403

[1.14.1-19]

Add in upstream version of kprop port and tests
Resolves: #1292795

[1.14.1-18]

Fix incorrect recv() size calculation in libkrad
Resolves: #1349042

[1.14.1-17]

Separate out the kadm5 libs
Resolves: #1347403

[1.14.1-16]

Fix kprop/iprop handling of default realm
Fix t_kprop.py
Resolves: #1290561
Resolves: #1302967
Resolves: #1292795

[1.14.1-15]

Fix SPNEGO with NTLM to conform to MS-SPNG section 3.3.5.1
Resolves: #1341726

[1.14.1-14]

Do not indicate depricated mechanisms when requested
Resolves: #1293908

[1.14.1-13]

Fix OTP module incorrectly overwriting as_key
Resolves: #1340304

[1.14.1-12]

Fix CVE-2016-3119 (LDAP NULL dereference)
Resolves: #1339562

[1.14.1-11]

Make ksu not ask for password without -n
Resolves: #1247261

[1.14.1-10]

Frob kadm5 soname version so that the rebase does not break things
Resolves: #1292153

[1.14.1-9]

Revamp selinux patch to not leak memory
Resolves: #1313457

[1.14.1-8]

Add snippet support in /etc/krb5.conf.d
Resolves: #1146945

[1.14.1-7]

Skip unnecessary mech calls in gss_inquire_cred
Resolves: #1314493

[1.14.1-6]

Fix impersonate_name to work with interposers
Resolves: #1284987

[1.14.1-5]

Fix change tracking of krb5.conf
Resolves: #1208243

[1.14.1-4]

Ensure log files are not world-readable
Resolves: #1256735

[1.14.1-3]

Clean up initscript handling in spec file
Resolves: #1283902
Resolves: #1183058

[1.14.1-2]

Backport spec file changes from Fedora
Resolves: #1290239

[1.14.1-1]

Rebase to new upstream version 1.14.1
Remove pax logic
Resolves: #1292153
Resolves: #1135427
Resolves: #1265509
Resolves: #1265510
Resolves: #1296241

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

krb5-devel

1.14.1-26.el7

krb5-libs

1.14.1-26.el7

krb5-pkinit

1.14.1-26.el7

krb5-server

1.14.1-26.el7

krb5-server-ldap

1.14.1-26.el7

krb5-workstation

1.14.1-26.el7

libkadm5

1.14.1-26.el7

Связанные CVE

CVE-2016-3120

CVE-2016-3119

Ссылки на источники

Связанные уязвимости

CVE-2016-3120

CVSS3: 6.5

ubuntu

около 9 лет назад

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

CVE-2016-3120

CVSS3: 5.3

redhat

около 9 лет назад

CVE-2016-3120

CVSS3: 6.5

nvd

около 9 лет назад

CVE-2016-3120

CVSS3: 6.5

debian

около 9 лет назад

The validate_as_request function in kdc_util.c in the Key Distribution ...

CVE-2016-3119

CVSS3: 5.3

ubuntu

больше 9 лет назад

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.