
Mageia alert MGASA-2012-0178 (krb5)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0178: krb5-1.8.3-5.3.mga1 (1/core), krb5-1.9.2-2.2.mga2 (2/core)
Date:  Tue, 24 Jul 2012 13:14:14 +0200
Message-ID:  <20120724111414.GA29514@valstar.mageia.org>

MGASA-2012-0178

Date: July 24th, 2012
Affected releases: 1, 2

Description:

Updated krb5 packages fix security vulnerabilities:

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password (CVE-2012-1013).

Additionally, the paths to the principal database and kpropd access list in the kadmin and kpropd init scripts have been fixed.

Finally, the paths to the rsh and rlogin commands used by krsh and krlogin were fixed in the krb5-appl-clients package on Mageia 2.

Updated Packages:

Mageia 1:
krb5-1.8.3-5.3.mga1
krb5-pkinit-openssl-1.8.3-5.3.mga1
krb5-server-1.8.3-5.3.mga1
krb5-server-ldap-1.8.3-5.3.mga1
krb5-workstation-1.8.3-5.3.mga1
lib(64)krb53-1.8.3-5.3.mga1
lib(64)krb53-devel-1.8.3-5.3.mga1

Mageia 2:
krb5-1.9.2-2.2.mga2
krb5-pkinit-openssl-1.9.2-2.2.mga2
krb5-server-1.9.2-2.2.mga2
krb5-server-ldap-1.9.2-2.2.mga2
krb5-workstation-1.9.2-2.2.mga2
lib(64)krb53-1.9.2-2.2.mga2
lib(64)krb53-devel-1.9.2-2.2.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=6469
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
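
The bug class behind CVE-2012-1013, an optional request field dereferenced without a NULL check, shown as an added example that is not part of the advisory and is not the krb5 source. The struct, function names, flag values and the placeholder-password convention (octets 1..255) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the request mask and principal attribute bits. */
#define MASK_ATTRIBUTES        0x10u
#define ATTR_DISALLOW_ALL_TIX  0x40u

struct create_req {
    unsigned mask;        /* which fields the client supplied */
    unsigned attributes;  /* principal attribute flags */
    const char *password; /* NULL when the request carries no password */
};

/* Returns 1 if pw is the assumed legacy placeholder (octets 1..255). */
static int is_dummy_password(const char *pw)
{
    int i;
    for (i = 0; (unsigned char)pw[i] == i + 1; i++)
        ;
    return pw[i] == '\0' && i == 255;
}

/* Unsafe shape: reads req->password without checking it for NULL. */
int wants_random_key_unsafe(const struct create_req *req)
{
    if (!(req->mask & MASK_ATTRIBUTES) ||
        !(req->attributes & ATTR_DISALLOW_ALL_TIX))
        return 0;
    return is_dummy_password(req->password); /* crashes if password is NULL */
}

/* Hardened shape: a missing password is simply "not the placeholder". */
int wants_random_key_safe(const struct create_req *req)
{
    if (req == NULL || req->password == NULL)
        return 0;
    if (!(req->mask & MASK_ATTRIBUTES) ||
        !(req->attributes & ATTR_DISALLOW_ALL_TIX))
        return 0;
    return is_dummy_password(req->password);
}

int main(void)
{
    struct create_req r = { MASK_ATTRIBUTES, ATTR_DISALLOW_ALL_TIX, NULL };
    printf("no password -> %d\n", wants_random_key_safe(&r));
    return 0;
}
```
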

