To: [email protected]Subject: [ MDVSA-2009:082 ] krb5
Date: Mon, 30 Mar 2009 17:11:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LoJ8f-00018b-Hl@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:082
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : March 30, 2009
Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3,
when SPNEGO is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via invalid
ContextFlags data in the reqFlags field in a negTokenInit token
(CVE-2009-0845).
This update provides the fix for that security issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
5ce18c7f810209979b0d670c989fcdc2 2008.0/i586/ftp-client-krb5-1.6.2-7.2mdv2008.0.i586.rpm
6d58576196a55749c3bdd7157a2ba7e9 2008.0/i586/ftp-server-krb5-1.6.2-7.2mdv2008.0.i586.rpm
9b14295be74bcd2e8ca158703fe574af 2008.0/i586/krb5-1.6.2-7.2mdv2008.0.i586.rpm
c6b9a9720d60df5fccb5811e7be1350a 2008.0/i586/krb5-server-1.6.2-7.2mdv2008.0.i586.rpm
f0ab1b71b472dee0c7c7d9af32f9fe6e 2008.0/i586/krb5-workstation-1.6.2-7.2mdv2008.0.i586.rpm
aec6870df99ff689b0e34e94878bd62e 2008.0/i586/libkrb53-1.6.2-7.2mdv2008.0.i586.rpm
5d3cc34a120ab4e0d5e796ef2cc85e02 2008.0/i586/libkrb53-devel-1.6.2-7.2mdv2008.0.i586.rpm
7efb86a61cd8ce6f16f1df14b05fb76f 2008.0/i586/telnet-client-krb5-1.6.2-7.2mdv2008.0.i586.rpm
5798de6ed5b7e418cc66e863c9d1c25d 2008.0/i586/telnet-server-krb5-1.6.2-7.2mdv2008.0.i586.rpm
4499bdc87bba4214f3a3e50675ad6ce1 2008.0/SRPMS/krb5-1.6.2-7.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
c258b4f264fa004e755c90c4ec03ecd5 2008.0/x86_64/ftp-client-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
6b2582771b5d8c46041b85451b8f70f4 2008.0/x86_64/ftp-server-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
0728d70f5053343781ee4d216e6080fa 2008.0/x86_64/krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
08e7f28f6fd18c9cbe613d0785239390 2008.0/x86_64/krb5-server-1.6.2-7.2mdv2008.0.x86_64.rpm
f03416152ba0487939fdbc23b60ee054 2008.0/x86_64/krb5-workstation-1.6.2-7.2mdv2008.0.x86_64.rpm
fd5d56e93430c0a15ba87dd7950eed28 2008.0/x86_64/lib64krb53-1.6.2-7.2mdv2008.0.x86_64.rpm
3d34e20016be66d98601fa03652ab523 2008.0/x86_64/lib64krb53-devel-1.6.2-7.2mdv2008.0.x86_64.rpm
cc07613f6e26f48701d8089a0f15056f 2008.0/x86_64/telnet-client-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
fa8776c1c3a70b301434937f5ba60c9d 2008.0/x86_64/telnet-server-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
4499bdc87bba4214f3a3e50675ad6ce1 2008.0/SRPMS/krb5-1.6.2-7.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
592aefb75780bf23b1b44f0a40b54da1 2008.1/i586/ftp-client-krb5-1.6.3-6.1mdv2008.1.i586.rpm
b21e7612f59bec538c68eacb4688d384 2008.1/i586/ftp-server-krb5-1.6.3-6.1mdv2008.1.i586.rpm
7abf7a73566130cbfc0bd4d25eb4596e 2008.1/i586/krb5-1.6.3-6.1mdv2008.1.i586.rpm
78a7dfeb9dc53cfa7e3bbee6250696d2 2008.1/i586/krb5-server-1.6.3-6.1mdv2008.1.i586.rpm
5471b67366a10ab5de61acfe68d683b1 2008.1/i586/krb5-workstation-1.6.3-6.1mdv2008.1.i586.rpm
9004c8d03615552f687f6f31292fa57e 2008.1/i586/libkrb53-1.6.3-6.1mdv2008.1.i586.rpm
0c0fd6e1aeb4839503d7dda0a167de83 2008.1/i586/libkrb53-devel-1.6.3-6.1mdv2008.1.i586.rpm
1770b94a6e97336541cd72daa2196b01 2008.1/i586/telnet-client-krb5-1.6.3-6.1mdv2008.1.i586.rpm
a8949f3aefe925ed5411198a7c7ec211 2008.1/i586/telnet-server-krb5-1.6.3-6.1mdv2008.1.i586.rpm
5d8ec12aeac32033ad66f977ea61f878 2008.1/SRPMS/krb5-1.6.3-6.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
229800b13b28dbd13b032e37032d9342 2008.1/x86_64/ftp-client-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
3aa80e2ce37b3d5892041314a37247f1 2008.1/x86_64/ftp-server-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
d582b216c833e422b10a884c8b6e82a4 2008.1/x86_64/krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
a479750fc340e67888ce78b1774f26e1 2008.1/x86_64/krb5-server-1.6.3-6.1mdv2008.1.x86_64.rpm
a457722a46fad670369250761c2747ad 2008.1/x86_64/krb5-workstation-1.6.3-6.1mdv2008.1.x86_64.rpm
ce56dff13552bf9937577de0fa492f05 2008.1/x86_64/lib64krb53-1.6.3-6.1mdv2008.1.x86_64.rpm
e804e47ddad22d93bc3d5e792097f77c 2008.1/x86_64/lib64krb53-devel-1.6.3-6.1mdv2008.1.x86_64.rpm
618aba8252aed6b011c7e25836242a1b 2008.1/x86_64/telnet-client-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
acb8f57d05dff96485af9763684dead5 2008.1/x86_64/telnet-server-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
5d8ec12aeac32033ad66f977ea61f878 2008.1/SRPMS/krb5-1.6.3-6.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
d2cd9967a894064c2ff33e4c6970b296 2009.0/i586/ftp-client-krb5-1.6.3-6.1mdv2009.0.i586.rpm
b476eddeae5bb76df6b5091a2efa6bc8 2009.0/i586/ftp-server-krb5-1.6.3-6.1mdv2009.0.i586.rpm
1c3cfae7f5472af3c74f11ed62024496 2009.0/i586/krb5-1.6.3-6.1mdv2009.0.i586.rpm
cbbd5704c0bbc54d022d477185b70380 2009.0/i586/krb5-server-1.6.3-6.1mdv2009.0.i586.rpm
19bf11bf9967c1cdd62634cba5b11554 2009.0/i586/krb5-workstation-1.6.3-6.1mdv2009.0.i586.rpm
e55d4e80433f89c4b6a4f44102ab1393 2009.0/i586/libkrb53-1.6.3-6.1mdv2009.0.i586.rpm
6c4aa5674b0a4e0994161a41259d6329 2009.0/i586/libkrb53-devel-1.6.3-6.1mdv2009.0.i586.rpm
a12749b4bd1404fad9133e8be4a03092 2009.0/i586/telnet-client-krb5-1.6.3-6.1mdv2009.0.i586.rpm
ee48a33cc0415e1f7b8baa62c309a5a0 2009.0/i586/telnet-server-krb5-1.6.3-6.1mdv2009.0.i586.rpm
6b3cb2c6eba23f22c4fa5d641e1d732a 2009.0/SRPMS/krb5-1.6.3-6.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
91674ae49f677de9a3668387298e55c8 2009.0/x86_64/ftp-client-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
340778bb02e00f90e76a8607d70da274 2009.0/x86_64/ftp-server-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
06e071f10e53fa4dc98584e83e99f250 2009.0/x86_64/krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
e1d71c1315d5c57372bb532849e99238 2009.0/x86_64/krb5-server-1.6.3-6.1mdv2009.0.x86_64.rpm
2c020178838c11639584e0cb78265d96 2009.0/x86_64/krb5-workstation-1.6.3-6.1mdv2009.0.x86_64.rpm
f1ff13e8ff000a60a57702c4030eb782 2009.0/x86_64/lib64krb53-1.6.3-6.1mdv2009.0.x86_64.rpm
bbd9d17d5c02468ce5e3dfe475a2daf0 2009.0/x86_64/lib64krb53-devel-1.6.3-6.1mdv2009.0.x86_64.rpm
71b14ba1165e4e792e7eaef511c83c14 2009.0/x86_64/telnet-client-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
17b7bd824ec891d873c5b80a36a6110e 2009.0/x86_64/telnet-server-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
6b3cb2c6eba23f22c4fa5d641e1d732a 2009.0/SRPMS/krb5-1.6.3-6.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ0LQpmqjQ0CJFipgRAk6vAKCQHY5us00M/4OiYtqtOlvsMF8jdwCgomXO
+I/aQe7vTBMt+TwYLkWTFOQ=
=OvhD
-----END PGP SIGNATURE-----