BugTraq
[ MDVSA-2010:100 ] krb5 May 19 2010 03:28PM
security mandriva com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:100
http://www.mandriva.com/security/
_______________________________________________________________________

Package : krb5
Date : May 19, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in krb5:

Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
2520c8f32483e397282d8efc9f7a9575 2008.0/i586/ftp-client-krb5-1.6.2-7.6mdv2008.0.i586.rpm
22b32fc5f9baca5e11e6732bc1fa915b 2008.0/i586/ftp-server-krb5-1.6.2-7.6mdv2008.0.i586.rpm
d393113b6af975d0b39fe9a4d65cf7e8 2008.0/i586/krb5-1.6.2-7.6mdv2008.0.i586.rpm
e33072b8a3b6224f5aecf7011218cd1f 2008.0/i586/krb5-server-1.6.2-7.6mdv2008.0.i586.rpm
0c9f8c605686f6520bf2478ae25bb105 2008.0/i586/krb5-workstation-1.6.2-7.6mdv2008.0.i586.rpm
4792b7d9585bb91f4143848160831459 2008.0/i586/libkrb53-1.6.2-7.6mdv2008.0.i586.rpm
6108a96de40deaad64893aaec2e9169b 2008.0/i586/libkrb53-devel-1.6.2-7.6mdv2008.0.i586.rpm
6647c6d8323324f4f89c8e15f5abc184 2008.0/i586/telnet-client-krb5-1.6.2-7.6mdv2008.0.i586.rpm
e3f73dd8b66154eef8df85f068f45a32 2008.0/i586/telnet-server-krb5-1.6.2-7.6mdv2008.0.i586.rpm
462548c305077345e9cca8cea9b2e07c 2008.0/SRPMS/krb5-1.6.2-7.6mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
4169daff665cacc305b2e4460ae34b8b 2008.0/x86_64/ftp-client-krb5-1.6.2-7.6mdv2008.0.x86_64.rpm
5ffc8e8939414ec5fc44408ae5a3263e 2008.0/x86_64/ftp-server-krb5-1.6.2-7.6mdv2008.0.x86_64.rpm
70ef16ef90a1e8d1c061f68126b99695 2008.0/x86_64/krb5-1.6.2-7.6mdv2008.0.x86_64.rpm
51a7698ce79eee2017ba11e8fa710a5a 2008.0/x86_64/krb5-server-1.6.2-7.6mdv2008.0.x86_64.rpm
a8e4fc325e3d603895651e6f8b6faacb 2008.0/x86_64/krb5-workstation-1.6.2-7.6mdv2008.0.x86_64.rpm
807b5d4e6f97715f54ccf7de0234277c 2008.0/x86_64/lib64krb53-1.6.2-7.6mdv2008.0.x86_64.rpm
1574a131535b6f7daed77b9d75335d5f 2008.0/x86_64/lib64krb53-devel-1.6.2-7.6mdv2008.0.x86_64.rpm
aedf0e161faaa2c697d9f389e1c6ccdd 2008.0/x86_64/telnet-client-krb5-1.6.2-7.6mdv2008.0.x86_64.rpm
33921c3b9d483ee531637b85bdf2f9f7 2008.0/x86_64/telnet-server-krb5-1.6.2-7.6mdv2008.0.x86_64.rpm
462548c305077345e9cca8cea9b2e07c 2008.0/SRPMS/krb5-1.6.2-7.6mdv2008.0.src.rpm

Mandriva Linux 2009.0:
8348b4c0e2fcaeadf561d89a9bc30eff 2009.0/i586/ftp-client-krb5-1.6.3-6.5mdv2009.0.i586.rpm
ec446d86c4d0ca38e6627d20a3b5b062 2009.0/i586/ftp-server-krb5-1.6.3-6.5mdv2009.0.i586.rpm
bbf43873ea9b64c7d39e7ed3a3fe3af9 2009.0/i586/krb5-1.6.3-6.5mdv2009.0.i586.rpm
bf03084dce6b6663eb8cace3d8f575ed 2009.0/i586/krb5-server-1.6.3-6.5mdv2009.0.i586.rpm
c97d923cf9676702f61fa9abe7cc6d6e 2009.0/i586/krb5-workstation-1.6.3-6.5mdv2009.0.i586.rpm
23879f2dc505a4b5e1cdd47c615dfbdc 2009.0/i586/libkrb53-1.6.3-6.5mdv2009.0.i586.rpm
8d54be1d19731ee34c6151e354261ace 2009.0/i586/libkrb53-devel-1.6.3-6.5mdv2009.0.i586.rpm
a14c815a5ee87e3d93dc9df1775e0d28 2009.0/i586/telnet-client-krb5-1.6.3-6.5mdv2009.0.i586.rpm
868455eb75ec804f5355b0be763e9857 2009.0/i586/telnet-server-krb5-1.6.3-6.5mdv2009.0.i586.rpm
548a22a46ab58c305f1a2f3ccbe45605 2009.0/SRPMS/krb5-1.6.3-6.5mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
ffb2cc7d487b28f298d83f41cb5042cd 2009.0/x86_64/ftp-client-krb5-1.6.3-6.5mdv2009.0.x86_64.rpm
d003a3957d8a93f81ec3e8c408d41aed 2009.0/x86_64/ftp-server-krb5-1.6.3-6.5mdv2009.0.x86_64.rpm
1cfc7fb186531bc674485b831f65e99e 2009.0/x86_64/krb5-1.6.3-6.5mdv2009.0.x86_64.rpm
2ba9ee4fa6fee4dbb356cc8d2e2e1caa 2009.0/x86_64/krb5-server-1.6.3-6.5mdv2009.0.x86_64.rpm
55b750acf97f15ebcc005c587635d658 2009.0/x86_64/krb5-workstation-1.6.3-6.5mdv2009.0.x86_64.rpm
76d3c4a434f9551be3623eabd051105e 2009.0/x86_64/lib64krb53-1.6.3-6.5mdv2009.0.x86_64.rpm
ea7072c168ef6b8726bb9d6956aa8d10 2009.0/x86_64/lib64krb53-devel-1.6.3-6.5mdv2009.0.x86_64.rpm
c470271cb9895c4733561b6084c46399 2009.0/x86_64/telnet-client-krb5-1.6.3-6.5mdv2009.0.x86_64.rpm
2e8a9f79a7a8821bd313e74f915e5dfa 2009.0/x86_64/telnet-server-krb5-1.6.3-6.5mdv2009.0.x86_64.rpm
548a22a46ab58c305f1a2f3ccbe45605 2009.0/SRPMS/krb5-1.6.3-6.5mdv2009.0.src.rpm

Mandriva Linux 2009.1:
0461fef49b6e6990c6351421c7b49400 2009.1/i586/ftp-client-krb5-1.6.3-9.3mdv2009.1.i586.rpm
2079c269a882a5d217c93f0a7d0a3f2e 2009.1/i586/ftp-server-krb5-1.6.3-9.3mdv2009.1.i586.rpm
26d7cce15de17218237f99a98a156d3e 2009.1/i586/krb5-1.6.3-9.3mdv2009.1.i586.rpm
5809edeb53147ad4ac807637d5ce77ca 2009.1/i586/krb5-server-1.6.3-9.3mdv2009.1.i586.rpm
0ebf738e81cd9539f9806e561a002f6b 2009.1/i586/krb5-workstation-1.6.3-9.3mdv2009.1.i586.rpm
dae6d71e81fee5f6f4908d10e1e33ad7 2009.1/i586/libkrb53-1.6.3-9.3mdv2009.1.i586.rpm
238c953aff7ff92287f4cc9b99ceafd7 2009.1/i586/libkrb53-devel-1.6.3-9.3mdv2009.1.i586.rpm
74f7d4c3b8312a8a8cebbd0afb08276b 2009.1/i586/telnet-client-krb5-1.6.3-9.3mdv2009.1.i586.rpm
550b2308d05d74a4e001e59093582c36 2009.1/i586/telnet-server-krb5-1.6.3-9.3mdv2009.1.i586.rpm
a831559162fce01ef507fc1feb73e9a3 2009.1/SRPMS/krb5-1.6.3-9.3mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
f9aaff955bfe4b09cd719b53ef578154 2009.1/x86_64/ftp-client-krb5-1.6.3-9.3mdv2009.1.x86_64.rpm
8e9a4eaa2d4472912de043b703f787fa 2009.1/x86_64/ftp-server-krb5-1.6.3-9.3mdv2009.1.x86_64.rpm
b819737bd6ecb850192af853056c336d 2009.1/x86_64/krb5-1.6.3-9.3mdv2009.1.x86_64.rpm
fa2ff36617c3bd6354fd9abb57a72fb0 2009.1/x86_64/krb5-server-1.6.3-9.3mdv2009.1.x86_64.rpm
132df6e2791be5e227020c3cacbad37c 2009.1/x86_64/krb5-workstation-1.6.3-9.3mdv2009.1.x86_64.rpm
7896f2aad05f97b3810609f741d740d6 2009.1/x86_64/lib64krb53-1.6.3-9.3mdv2009.1.x86_64.rpm
420acd75c5f1fb967e4e44fbcac421a9 2009.1/x86_64/lib64krb53-devel-1.6.3-9.3mdv2009.1.x86_64.rpm
d5bbeb4daa9ed044dadb66fbd6041ead 2009.1/x86_64/telnet-client-krb5-1.6.3-9.3mdv2009.1.x86_64.rpm
9e4c89357ffa2cb57f13016463162103 2009.1/x86_64/telnet-server-krb5-1.6.3-9.3mdv2009.1.x86_64.rpm
a831559162fce01ef507fc1feb73e9a3 2009.1/SRPMS/krb5-1.6.3-9.3mdv2009.1.src.rpm

Mandriva Linux 2010.0:
4f33d6e1a070ddc10a1193a575d2c62a 2010.0/i586/ftp-client-krb5-1.6.3-10.3mdv2010.0.i586.rpm
291f4429160419c3db509469a7886125 2010.0/i586/ftp-server-krb5-1.6.3-10.3mdv2010.0.i586.rpm
37931a40e27fefa202d794880f352b84 2010.0/i586/krb5-1.6.3-10.3mdv2010.0.i586.rpm
04897cc980635327d46e7318a0342f90 2010.0/i586/krb5-server-1.6.3-10.3mdv2010.0.i586.rpm
ab418fa061a440f6ac044edf15101df6 2010.0/i586/krb5-workstation-1.6.3-10.3mdv2010.0.i586.rpm
674a6102c46b7126eb5c73d7872c3cc3 2010.0/i586/libkrb53-1.6.3-10.3mdv2010.0.i586.rpm
210e2ac26cdd2d28349245677218a01b 2010.0/i586/libkrb53-devel-1.6.3-10.3mdv2010.0.i586.rpm
b400e04778bb788dc33970b01b4c137e 2010.0/i586/telnet-client-krb5-1.6.3-10.3mdv2010.0.i586.rpm
da8114785174c01dceeab63359822b68 2010.0/i586/telnet-server-krb5-1.6.3-10.3mdv2010.0.i586.rpm
9c68770f7cf1e801cfd2a3bb48fa3bf9 2010.0/SRPMS/krb5-1.6.3-10.3mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
607227ab277d30a67b0f04e00fac6beb 2010.0/x86_64/ftp-client-krb5-1.6.3-10.3mdv2010.0.x86_64.rpm
4894ebd2a03755a100dd4b28e6dc75e9 2010.0/x86_64/ftp-server-krb5-1.6.3-10.3mdv2010.0.x86_64.rpm
33051fb650eb78d70311f0fd0da690bd 2010.0/x86_64/krb5-1.6.3-10.3mdv2010.0.x86_64.rpm
b5e1a5dbdfcbb509713edce5531e5ec3 2010.0/x86_64/krb5-server-1.6.3-10.3mdv2010.0.x86_64.rpm
e21919b8244a99334c41ce17afed4e07 2010.0/x86_64/krb5-workstation-1.6.3-10.3mdv2010.0.x86_64.rpm
367f9dffd8fd57422de1e6a5163d4ba1 2010.0/x86_64/lib64krb53-1.6.3-10.3mdv2010.0.x86_64.rpm
898754305b0ac980809a35c69b40976a 2010.0/x86_64/lib64krb53-devel-1.6.3-10.3mdv2010.0.x86_64.rpm
02b52ef9de658a117e103b97f41277f3 2010.0/x86_64/telnet-client-krb5-1.6.3-10.3mdv2010.0.x86_64.rpm
deb44c8ba11b4d53a88f25c5fcb79001 2010.0/x86_64/telnet-server-krb5-1.6.3-10.3mdv2010.0.x86_64.rpm
9c68770f7cf1e801cfd2a3bb48fa3bf9 2010.0/SRPMS/krb5-1.6.3-10.3mdv2010.0.src.rpm

Corporate 4.0:
439079e5d3ebb2297761880598e8d8bb corporate/4.0/i586/ftp-client-krb5-1.4.3-5.9.20060mlcs4.i586.rpm
365c4b8b5a82875a5c8bd129b399734a corporate/4.0/i586/ftp-server-krb5-1.4.3-5.9.20060mlcs4.i586.rpm
dc1f6e63f3aaa284212e8aa7ddb6f6b0 corporate/4.0/i586/krb5-server-1.4.3-5.9.20060mlcs4.i586.rpm
9586f6e33e57a4c3f1c347b86f9c70c4 corporate/4.0/i586/krb5-workstation-1.4.3-5.9.20060mlcs4.i586.rpm
b49c574d86c42a0085a54b236aced5b6 corporate/4.0/i586/libkrb53-1.4.3-5.9.20060mlcs4.i586.rpm
ae348bc8ff358a87f44aa026b2484713 corporate/4.0/i586/libkrb53-devel-1.4.3-5.9.20060mlcs4.i586.rpm
4aac082d59cc3489b374b00ebded127a corporate/4.0/i586/telnet-client-krb5-1.4.3-5.9.20060mlcs4.i586.rpm
af304d77c7495a826fdac206d7496b12 corporate/4.0/i586/telnet-server-krb5-1.4.3-5.9.20060mlcs4.i586.rpm
8fe0d91a46de9233e71234b6032dc214 corporate/4.0/SRPMS/krb5-1.4.3-5.9.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
9fc7ce52541dfacaeee5fc0455865ae5 corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.9.20060mlcs4.x86_64.rpm
3a12cba54fb121a23cab340379e77fd5 corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.9.20060mlcs4.x86_64.rpm
5dc163e2745b11ecef99569c77ff06f5 corporate/4.0/x86_64/krb5-server-1.4.3-5.9.20060mlcs4.x86_64.rpm
8a037d6178e0bdb9bceca59bc8b8d851 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.9.20060mlcs4.x86_64.rpm
20f86152565bafc44b052ea4e2facedf corporate/4.0/x86_64/lib64krb53-1.4.3-5.9.20060mlcs4.x86_64.rpm
74730d4716f994493f2488b5a906d31b corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.9.20060mlcs4.x86_64.rpm
b8fe0bb902f9bf5edbdcf84301b0ecc7 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.9.20060mlcs4.x86_64.rpm
dc82c7658d75c7bb3f5f929f426d32d7 corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.9.20060mlcs4.x86_64.rpm
8fe0d91a46de9233e71234b6032dc214 corporate/4.0/SRPMS/krb5-1.4.3-5.9.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
450f4f0744f09403449067e4d723b4f8 mes5/i586/ftp-client-krb5-1.6.3-6.5mdvmes5.1.i586.rpm
961588fc63027b180aaadf5e3142ba30 mes5/i586/ftp-server-krb5-1.6.3-6.5mdvmes5.1.i586.rpm
d9703f6bfdcbb1145fa426b43cc66933 mes5/i586/krb5-1.6.3-6.5mdvmes5.1.i586.rpm
ddd5d23707c5962eae2c8b5b64cb9941 mes5/i586/krb5-server-1.6.3-6.5mdvmes5.1.i586.rpm
8c1f6fca8be6b41a9dc117e2b92602f5 mes5/i586/krb5-workstation-1.6.3-6.5mdvmes5.1.i586.rpm
d0e4e1e49866342c5d3b1872e7839004 mes5/i586/libkrb53-1.6.3-6.5mdvmes5.1.i586.rpm
a470b862aab815bd5b15f9805bb1c9c4 mes5/i586/libkrb53-devel-1.6.3-6.5mdvmes5.1.i586.rpm
395f721ca339c7788fb7c6cf4bb24992 mes5/i586/telnet-client-krb5-1.6.3-6.5mdvmes5.1.i586.rpm
b788c681f33d6453577a62ec96ac77fa mes5/i586/telnet-server-krb5-1.6.3-6.5mdvmes5.1.i586.rpm
d53598acef53207817d160e0e0d7f3c0 mes5/SRPMS/krb5-1.6.3-6.5mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
086ec6ed1c4fbc4889a0d44dfb6f1343 mes5/x86_64/ftp-client-krb5-1.6.3-6.5mdvmes5.1.x86_64.rpm
8db64a3244be34c8d22c4768d974b615 mes5/x86_64/ftp-server-krb5-1.6.3-6.5mdvmes5.1.x86_64.rpm
7fb5a7cd740c8a92bc6f689ec359b032 mes5/x86_64/krb5-1.6.3-6.5mdvmes5.1.x86_64.rpm
88b4670b643991dab5fd43744f0e273f mes5/x86_64/krb5-server-1.6.3-6.5mdvmes5.1.x86_64.rpm
5d7ef6681adefcb41097b1dd3b69c3a7 mes5/x86_64/krb5-workstation-1.6.3-6.5mdvmes5.1.x86_64.rpm
1e579a1776641d9c17fcecfbeb0848ad mes5/x86_64/lib64krb53-1.6.3-6.5mdvmes5.1.x86_64.rpm
fcd9991a3e00e8dda9a042d1a9bf6d45 mes5/x86_64/lib64krb53-devel-1.6.3-6.5mdvmes5.1.x86_64.rpm
49c49b4fc7cd1a61cdbcbe9e9a68e5d5 mes5/x86_64/telnet-client-krb5-1.6.3-6.5mdvmes5.1.x86_64.rpm
110ef8e1fee86869ab57cdc703923efa mes5/x86_64/telnet-server-krb5-1.6.3-6.5mdvmes5.1.x86_64.rpm
d53598acef53207817d160e0e0d7f3c0 mes5/SRPMS/krb5-1.6.3-6.5mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL89HamqjQ0CJFipgRAl7cAKCBY7ftHoN15da08Q5S0k+FSj4hGQCglEu1
jAu7N43nMyjWj0m/AchwC3o=
=li8R
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus