Mandriva Linux Security Advisory 2010-130 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct this issue.
5a363510cc86fa88ee8aa14537b88ea5f742ae16d68959c2ce6346cb423c3ff1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:130
http://www.mandriva.com/security/
_______________________________________________________________________
Package : heimdal
Date : July 7, 2010
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in heimdal:
Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
to crash due to a null pointer dereference in the GSS-API library
(CVE-2010-1321).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://www.h5l.org/advisories.html?show=2010-05-27
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
60a0d4d8d59a6c33bb87af9d38389be6 mes5/i586/heimdal-daemons-1.2-4.1mdvmes5.1.i586.rpm
5a8379a376307648185baf277672f4a4 mes5/i586/heimdal-devel-1.2-4.1mdvmes5.1.i586.rpm
fae25dec3b145c0e58a94738107665e7 mes5/i586/heimdal-devel-doc-1.2-4.1mdvmes5.1.i586.rpm
563dd64df1506f58579cfba456e09cda mes5/i586/heimdal-ftp-1.2-4.1mdvmes5.1.i586.rpm
a54d8a021cec8363ec367f2e4dd7ba21 mes5/i586/heimdal-ftpd-1.2-4.1mdvmes5.1.i586.rpm
14c33bd11fb09905dd6545bb61e56216 mes5/i586/heimdal-libs-1.2-4.1mdvmes5.1.i586.rpm
e2d953abed1ec85688baeffc010d681f mes5/i586/heimdal-login-1.2-4.1mdvmes5.1.i586.rpm
38fb75e498161ace328f2578869a3255 mes5/i586/heimdal-rsh-1.2-4.1mdvmes5.1.i586.rpm
733b1f016412145487f0d64efadc48d0 mes5/i586/heimdal-rshd-1.2-4.1mdvmes5.1.i586.rpm
d42fa5813e4a7b9aee0a01bf2405e320 mes5/i586/heimdal-server-1.2-4.1mdvmes5.1.i586.rpm
0cf6ddc1a82d3ccd2cc5759be485f7a5 mes5/i586/heimdal-telnet-1.2-4.1mdvmes5.1.i586.rpm
12084bf73e18d9f2a091430d3b9ab77d mes5/i586/heimdal-telnetd-1.2-4.1mdvmes5.1.i586.rpm
af5bb4f467aeb801bd22f6adfcc0f842 mes5/i586/heimdal-workstation-1.2-4.1mdvmes5.1.i586.rpm
d41ca60ee0f8980f1b0ff2e4c0eff949 mes5/SRPMS/heimdal-1.2-4.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
d8e96af9bcf694199d5411e4fb2ed08c mes5/x86_64/heimdal-daemons-1.2-4.1mdvmes5.1.x86_64.rpm
c7b700952bb8603f0444a580cf20ec62 mes5/x86_64/heimdal-devel-1.2-4.1mdvmes5.1.x86_64.rpm
aaf8beb12b4025a62717454be34db078 mes5/x86_64/heimdal-devel-doc-1.2-4.1mdvmes5.1.x86_64.rpm
7ad7f3d8a79f91fb8d1ed3d432ac9f45 mes5/x86_64/heimdal-ftp-1.2-4.1mdvmes5.1.x86_64.rpm
d6b84ff544941b876e6d55520390ee1a mes5/x86_64/heimdal-ftpd-1.2-4.1mdvmes5.1.x86_64.rpm
90d18fc592b62805523e173edf779f77 mes5/x86_64/heimdal-libs-1.2-4.1mdvmes5.1.x86_64.rpm
94327fc1bf983b766c71f466aceb8edc mes5/x86_64/heimdal-login-1.2-4.1mdvmes5.1.x86_64.rpm
30f310553eecc760770be72708ae5cfa mes5/x86_64/heimdal-rsh-1.2-4.1mdvmes5.1.x86_64.rpm
8740c265aaccb35fa0a003cb3fbfbfab mes5/x86_64/heimdal-rshd-1.2-4.1mdvmes5.1.x86_64.rpm
5f3c301ca663cfd0d16561d77437d7d6 mes5/x86_64/heimdal-server-1.2-4.1mdvmes5.1.x86_64.rpm
24d0fc45b274a0d27cba06bfa5c5a1af mes5/x86_64/heimdal-telnet-1.2-4.1mdvmes5.1.x86_64.rpm
b6605d1f09f73e49dee0bddb20316721 mes5/x86_64/heimdal-telnetd-1.2-4.1mdvmes5.1.x86_64.rpm
9dc269e3c28fbccd6485173aa1838245 mes5/x86_64/heimdal-workstation-1.2-4.1mdvmes5.1.x86_64.rpm
d41ca60ee0f8980f1b0ff2e4c0eff949 mes5/SRPMS/heimdal-1.2-4.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMNH9nmqjQ0CJFipgRAsE8AKDvy2f3Edmz6Pmkoj1xVMrGj32YYwCfbkMw
+E2oonudfbWDETgh5M0246s=
=X5wQ
-----END PGP SIGNATURE-----