-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:166 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : krb5 Date : May 21, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in krb5: The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack (CVE-2002-2443). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443 https://bugzilla.redhat.com/show_bug.cgi?id=962531 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 762c01ff4ce813cd3c5acce794c29aa3 mes5/i586/krb5-1.8.1-0.11mdvmes5.2.i586.rpm 415beef49e20f8b89c84b0270afbf1d6 mes5/i586/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.i586.rpm a6bd6778ab49710b1a50633555b0dc27 mes5/i586/krb5-server-1.8.1-0.11mdvmes5.2.i586.rpm 497cfca620c25dd7ce523a61afdccc5e mes5/i586/krb5-server-ldap-1.8.1-0.11mdvmes5.2.i586.rpm 2fe4670b52795e8c74f53e7eee826c2c mes5/i586/krb5-workstation-1.8.1-0.11mdvmes5.2.i586.rpm 22926f634ea6ba5f816c14a2e30cc38a mes5/i586/libkrb53-1.8.1-0.11mdvmes5.2.i586.rpm 477f8f61cd9c8e577cd6797e850978ce mes5/i586/libkrb53-devel-1.8.1-0.11mdvmes5.2.i586.rpm 77c66246600b71f6471f75054e886cd4 mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 1cab52ff4c719378b97ec3acbc7d911f mes5/x86_64/krb5-1.8.1-0.11mdvmes5.2.x86_64.rpm b5d51d32e5eaa96ab973e5ce151a5254 mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.x86_64.rpm 6218fc79250aaec5c7ca19b193fdb8dc mes5/x86_64/krb5-server-1.8.1-0.11mdvmes5.2.x86_64.rpm 88de99aa8cde8adaee672c265292a355 mes5/x86_64/krb5-server-ldap-1.8.1-0.11mdvmes5.2.x86_64.rpm 39791a90573b4de08efdaf0193bbc5dc mes5/x86_64/krb5-workstation-1.8.1-0.11mdvmes5.2.x86_64.rpm 846b75578bb5559cfcf7aa2ce9e43156 mes5/x86_64/lib64krb53-1.8.1-0.11mdvmes5.2.x86_64.rpm 7351a8d2be13df25ab9c2534489a2da0 mes5/x86_64/lib64krb53-devel-1.8.1-0.11mdvmes5.2.x86_64.rpm 77c66246600b71f6471f75054e886cd4 mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 3150d604a21be2373d223457da156734 mbs1/x86_64/krb5-1.9.2-3.3.mbs1.x86_64.rpm 52729f0759e686cfdf5f9c99efc28862 mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.3.mbs1.x86_64.rpm 4b997282ad6dd76eb7a10f07809bef71 mbs1/x86_64/krb5-server-1.9.2-3.3.mbs1.x86_64.rpm b10b3c0211e071ab93e818db684098f9 mbs1/x86_64/krb5-server-ldap-1.9.2-3.3.mbs1.x86_64.rpm 417d23306554b1d7d290e8d3fed1a2d8 mbs1/x86_64/krb5-workstation-1.9.2-3.3.mbs1.x86_64.rpm a17c8e2438c0415c9ea478bcc0715101 mbs1/x86_64/lib64krb53-1.9.2-3.3.mbs1.x86_64.rpm 2d05c4ac4b44be10ea1e3d4337689512 mbs1/x86_64/lib64krb53-devel-1.9.2-3.3.mbs1.x86_64.rpm 95305e2323d63546e970538b7d692447 mbs1/SRPMS/krb5-1.9.2-3.3.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRm3ZlmqjQ0CJFipgRAmRWAJ42vFSB5f9jXtt3hRarBQpqxARd/ACfa9qv esFWMrXe/0P1/wv2ag87c6w= =Lg3K -----END PGP SIGNATURE-----