Full Disclosure mailing list archives

[ MDVSA-2010:100 ] krb5
From: security () mandriva com
Date: Wed, 19 May 2010 17:28:01 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:100
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : May 19, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in krb5:
 
 Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
 to crash due to a null pointer dereference in the GSS-API library
 (CVE-2010-1321).
 
 Packages for 2008.0 and 2009.0 are provided due to the Extended
 Maintenance Program for those products.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL89HamqjQ0CJFipgRAl7cAKCBY7ftHoN15da08Q5S0k+FSj4hGQCglEu1
jAu7N43nMyjWj0m/AchwC3o=
=li8R
-----END PGP SIGNATURE-----
