
Pardus alert 2011-48 (mit-kerberos)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-48] Mit-Kerberos: Multiple Vulnerabilities
Date:  Mon, 28 Feb 2011 13:15:48 +0200
Message-ID:  <201102281315.48728.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-48            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-02-28
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in mit-kerberos, which can be
exploited by malicious people to cause a denial of service.

Description
===========

CVE-2011-0281 :

The unparse implementation in the Key Distribution Center (KDC) in MIT
Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used,
allows remote attackers to cause a denial of service (file descriptor
exhaustion and daemon hang) via a principal name that triggers use of a
backslash escape sequence, as demonstrated by a \n sequence.

CVE-2011-0282 :

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x
through 1.9, when an LDAP backend is used, allows remote attackers to
cause a denial of service (NULL pointer dereference or buffer over-read,
and daemon crash) via a crafted principal name.

Affected packages:

  Pardus 2009:
    mit-kerberos, all before 1.6.3-19-10

  Pardus 2011:
    mit-kerberos, all before 1.7.1-23-p11

Resolution
==========

There are update(s) for mit-kerberos. You can update them via Package
Manager or with a single command from console:

  Pardus 2009:
    pisi up mit-kerberos

  Pardus 2011:
    pisi up mit-kerberos

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=16875
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
  * http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-00...

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security



