Mageia alert MGASA-2013-0087 (krb5) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0087: krb5-1.9.2-2.4.mga2 (2/core) 
Date:
    	       Sat, 9 Mar 2013 01:49:45 +0100
Message-ID:
    	       <20130309004945.GA28660@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0087
Date:	March 9rd, 2013
Affected releases:	2
Media:	Core

Description:
Updated krb5 packages fix security vulnerability:

It was reported that the KDC plugin for PKINIT could dereference a NULL
pointer when a malformed packet caused processing to terminate early,
which led to a crash of the KDC process. An attacker would require a valid
PKINIT certificate or have observed a successful PKINIT authentication to
execute a successful attack. In addition, an unauthenticated attacker could
execute the attack of anonymouse PKINIT was enabled (CVE-2013-1415).

Updated Packages:
i586:
krb5-1.9.2-2.4.mga2.i586 
libkrb53-devel-1.9.2-2.4.mga2.i586 
libkrb53-1.9.2-2.4.mga2.i586
krb5-workstation-1.9.2-2.4.mga2.i586
krb5-server-ldap-1.9.2-2.4.mga2.i586
krb5-server-1.9.2-2.4.mga2.i586


x86_64:
lib64krb53-1.9.2-2.4.mga2.x86_64
krb5-server-1.9.2-2.4.mga2.x86_64
krb5-workstation-1.9.2-2.4.mga2.x86_64
krb5-1.9.2-2.4.mga2.x86_64
lib64krb53-devel-1.9.2-2.4.mga2.x86_64
krb5-pkinit-openssl-1.9.2-2.4.mga2.x86_64
krb5-server-ldap-1.9.2-2.4.mga2.x86_64

SRPMS:
krb5-1.9.2-2.4.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415
http://web.mit.edu/kerberos/krb5-1.11/
https://bugzilla.redhat.com/show_bug.cgi?id=914749
https://bugs.mageia.org/show_bug.cgi?id=9226
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)