MGASA-2013-0131
Date: May 2nd, 2013
Affected releases: 2
Media: Core
Description:
Updated krb5 packages fix security vulnerability:
A NULL pointer dereference flaw was found in the way the MIT Kerberos
KDC processed certain TGS (Ticket-granting Server) requests. A remote,
authenticated attacker could use this flaw to crash the KDC via a
specially-crafted TGS request (CVE-2013-1416).
Updated Packages:
i586:
krb5-1.9.2-2.5.mga2.i586.rpm
krb5-pkinit-openssl-1.9.2-2.5.mga2.i586.rpm
krb5-server-1.9.2-2.5.mga2.i586.rpm
krb5-server-ldap-1.9.2-2.5.mga2.i586.rpm
krb5-workstation-1.9.2-2.5.mga2.i586.rpm
libkrb53-1.9.2-2.5.mga2.i586.rpm
libkrb53-devel-1.9.2-2.5.mga2.i586.rpm
krb5-debug-1.9.2-2.5.mga2.i586.rpm
x86_64:
krb5-1.9.2-2.5.mga2.x86_64.rpm
krb5-pkinit-openssl-1.9.2-2.5.mga2.x86_64.rpm
krb5-server-1.9.2-2.5.mga2.x86_64.rpm
krb5-server-ldap-1.9.2-2.5.mga2.x86_64.rpm
krb5-workstation-1.9.2-2.5.mga2.x86_64.rpm
lib64krb53-1.9.2-2.5.mga2.x86_64.rpm
lib64krb53-devel-1.9.2-2.5.mga2.x86_64.rpm
krb5-debug-1.9.2-2.5.mga2.x86_64.rpm
SRPMS:
krb5-1.9.2-2.5.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416
https://rhn.redhat.com/errata/RHSA-2013-0748.html
https://bugs.mageia.org/show_bug.cgi?id=9778