Mageia alert MGASA-2013-0087 (krb5)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2013-0087: krb5-1.9.2-2.4.mga2 (2/core) 
Date:
    	     
 
Sat, 9 Mar 2013 01:49:45 +0100
Message-ID:
    	     
 
<20130309004945.GA28660@valstar.mageia.org>

MGASA-2013-0087
Date:	March 9rd, 2013
Affected releases:	2
Media:	Core

Description:
Updated krb5 packages fix security vulnerability:

It was reported that the KDC plugin for PKINIT could dereference a NULL
pointer when a malformed packet caused processing to terminate early,
which led to a crash of the KDC process. An attacker would require a valid
PKINIT certificate or have observed a successful PKINIT authentication to
execute a successful attack. In addition, an unauthenticated attacker could
execute the attack of anonymouse PKINIT was enabled (CVE-2013-1415).

Updated Packages:
i586:
krb5-1.9.2-2.4.mga2.i586 
libkrb53-devel-1.9.2-2.4.mga2.i586 
libkrb53-1.9.2-2.4.mga2.i586
krb5-workstation-1.9.2-2.4.mga2.i586
krb5-server-ldap-1.9.2-2.4.mga2.i586
krb5-server-1.9.2-2.4.mga2.i586


x86_64:
lib64krb53-1.9.2-2.4.mga2.x86_64
krb5-server-1.9.2-2.4.mga2.x86_64
krb5-workstation-1.9.2-2.4.mga2.x86_64
krb5-1.9.2-2.4.mga2.x86_64
lib64krb53-devel-1.9.2-2.4.mga2.x86_64
krb5-pkinit-openssl-1.9.2-2.4.mga2.x86_64
krb5-server-ldap-1.9.2-2.4.mga2.x86_64

SRPMS:
krb5-1.9.2-2.4.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415
http://web.mit.edu/kerberos/krb5-1.11/
https://bugzilla.redhat.com/show_bug.cgi?id=914749
https://bugs.mageia.org/show_bug.cgi?id=9226
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...