MGASA-2013-0087
Date: | March 9rd, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated krb5 packages fix security vulnerability:
It was reported that the KDC plugin for PKINIT could dereference a NULL
pointer when a malformed packet caused processing to terminate early, which
led to a crash of the KDC process. An attacker would require a valid PKINIT
certificate or have observed a successful PKINIT authentication to execute a
successful attack. In addition, an unauthenticated attacker could execute
the attack of anonymouse PKINIT was enabled (CVE-2013-1415).
Updated Packages:
i586:
krb5-1.9.2-2.4.mga2.i586
libkrb53-devel-1.9.2-2.4.mga2.i586
libkrb53-1.9.2-2.4.mga2.i586
krb5-workstation-1.9.2-2.4.mga2.i586
krb5-server-ldap-1.9.2-2.4.mga2.i586
krb5-server-1.9.2-2.4.mga2.i586
x86_64:
lib64krb53-1.9.2-2.4.mga2.x86_64
krb5-server-1.9.2-2.4.mga2.x86_64
krb5-workstation-1.9.2-2.4.mga2.x86_64
krb5-1.9.2-2.4.mga2.x86_64
lib64krb53-devel-1.9.2-2.4.mga2.x86_64
krb5-pkinit-openssl-1.9.2-2.4.mga2.x86_64
krb5-server-ldap-1.9.2-2.4.mga2.x86_64
SRPMS:
krb5-1.9.2-2.4.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415
http://web.mit.edu/kerberos/krb5-1.11/
https://bugzilla.redhat.com/show_bug.cgi?id=914749
https://bugs.mageia.org/show_bug.cgi?id=9226