MGASA-2012-0196
| Date: | August 3rd, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated krb5 packages fix security vulnerability:
The MIT krb5 KDC (Key Distribution Center) daemon can free an
uninitialized pointer while processing an unusual AS-REQ, corrupting
the process heap and possibly causing the daemon to abnormally
terminate. An attacker could use this vulnerability to execute
malicious code, but exploiting frees of uninitialized pointers to
execute code is believed to be difficult. It is possible that a
legitimate client that is misconfigured in an unusual way could
trigger this vulnerability (CVE-2012-1015).
Updated Packages:
Mageia 1:
krb5-1.8.3-5.4.mga1
krb5-pkinit-openssl-1.8.3-5.4.mga1
krb5-server-1.8.3-5.4.mga1
krb5-server-ldap-1.8.3-5.4.mga1
krb5-workstation-1.8.3-5.4.mga1
lib(64)krb53-1.8.3-5.4.mga1
lib(64)krb53-devel-1.8.3-5.4.mga1
Mageia 2:
krb5-1.9.2-2.3.mga2
krb5-pkinit-openssl-1.9.2-2.3.mga2
krb5-server-1.9.2-2.3.mga2
krb5-server-ldap-1.9.2-2.3.mga2
krb5-workstation-1.9.2-2.3.mga2
libk(64)rb53-1.9.2-2.3.mga2
libk(64)rb53-devel-1.9.2-2.3.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:111
https://bugs.mageia.org/show_bug.cgi?id=6929
