[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [ MDVSA-2011:024 ] krb5
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2011:024 ] krb5
- From: security@xxxxxxxxxxxx
- Date: Wed, 09 Feb 2011 17:15:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:024
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : January 9, 2011
Affected: 2009.0, 2010.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in krb5:
The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
to denial of service attacks from unauthenticated remote attackers
(CVE-2011-0281, CVE-2011-0282).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
a19b45095a4c3a3325a23a98c9b62123
2009.0/i586/ftp-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm
62ee1d7005c6fecc20f43d50773a8ab0
2009.0/i586/ftp-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm
4a670066b022ca0d1e780e535b5dad34 2009.0/i586/krb5-1.6.3-6.7mdv2009.0.i586.rpm
27479079f1205258ebf1a95cde9c72c4
2009.0/i586/krb5-server-1.6.3-6.7mdv2009.0.i586.rpm
2b8bc1f146ae12947eb0d66571e71b6c
2009.0/i586/krb5-workstation-1.6.3-6.7mdv2009.0.i586.rpm
19fdf51bf9e901e42f59ca9e6e98f467
2009.0/i586/libkrb53-1.6.3-6.7mdv2009.0.i586.rpm
d605d6a2482a43395f7099900bff82f2
2009.0/i586/libkrb53-devel-1.6.3-6.7mdv2009.0.i586.rpm
462f1389fe4095a4c4f0f6207672f2f3
2009.0/i586/telnet-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm
296db9f5769dde078cb94e6e0d82095a
2009.0/i586/telnet-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm
2bad38c6316246a6dc19064862355946 2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
874d1f1e9d08f0fd037dafb02f27e25a
2009.0/x86_64/ftp-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
809e11d3f613310a554cc410b265340a
2009.0/x86_64/ftp-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
1cba00d3b76c822327e475f65b8eb297
2009.0/x86_64/krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
2cec696b37dca1c6838f22e6d15be960
2009.0/x86_64/krb5-server-1.6.3-6.7mdv2009.0.x86_64.rpm
2e5224b06920992dd089155524f59a84
2009.0/x86_64/krb5-workstation-1.6.3-6.7mdv2009.0.x86_64.rpm
cc71b41dd2694b64ae0bd0a29f5901ae
2009.0/x86_64/lib64krb53-1.6.3-6.7mdv2009.0.x86_64.rpm
570353d6ce78ce9df326002439caec90
2009.0/x86_64/lib64krb53-devel-1.6.3-6.7mdv2009.0.x86_64.rpm
fac2a3ec4699ea5468edd525581c176c
2009.0/x86_64/telnet-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
c6101ff519432a473fe54813dee91920
2009.0/x86_64/telnet-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm
2bad38c6316246a6dc19064862355946 2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm
Mandriva Linux 2010.0:
d5b2da171f65a6b7ac3e60e01e4d1712
2010.0/i586/ftp-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm
27ae96d163768f10187a40eca4f754d2
2010.0/i586/ftp-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm
498c4f101072718c07c2b7639d9d814d 2010.0/i586/krb5-1.6.3-10.5mdv2010.0.i586.rpm
afdbc93b50cb27f0cede08efc9e3bc61
2010.0/i586/krb5-server-1.6.3-10.5mdv2010.0.i586.rpm
6f8b0b82cb75fdf87f25eb123a65fdcf
2010.0/i586/krb5-workstation-1.6.3-10.5mdv2010.0.i586.rpm
4273fddffc5937d7b026051eb7078a6d
2010.0/i586/libkrb53-1.6.3-10.5mdv2010.0.i586.rpm
65b924acbef7b5c7d1c5cfee4b050f89
2010.0/i586/libkrb53-devel-1.6.3-10.5mdv2010.0.i586.rpm
1c2d6cbdcffb7a34fb8ad3771d5ca037
2010.0/i586/telnet-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm
3b562494dcadb73e4b92ce1f3e028c82
2010.0/i586/telnet-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm
ba422d1791aa61edbd91c90e544e216b 2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
893e5137d26a641a661495f8faa9d0f5
2010.0/x86_64/ftp-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
086f6d9a7614e866c813da5d3d92fde7
2010.0/x86_64/ftp-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
3402310b1f1717057f09ee11985d4aa6
2010.0/x86_64/krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
e0ec3c4ef7ac973fa938152aaaf53a29
2010.0/x86_64/krb5-server-1.6.3-10.5mdv2010.0.x86_64.rpm
499e66ced99df6f4bc037abccb80e025
2010.0/x86_64/krb5-workstation-1.6.3-10.5mdv2010.0.x86_64.rpm
125db3395bdf7efeaccf1316e6ed82d3
2010.0/x86_64/lib64krb53-1.6.3-10.5mdv2010.0.x86_64.rpm
e76d507737e1f700a1525465e0521ddd
2010.0/x86_64/lib64krb53-devel-1.6.3-10.5mdv2010.0.x86_64.rpm
445d12b6d5a017d1d7be171c405177e6
2010.0/x86_64/telnet-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
4f70e288a102af2b67738fad436715fc
2010.0/x86_64/telnet-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm
ba422d1791aa61edbd91c90e544e216b 2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNUo9BmqjQ0CJFipgRAmMoAKDFB46juPm6JexkKwC8TD5inxiIrQCfRra9
+o6dlSIfW5r4AX2DNw/cjdA=
=R4xv
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/