-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:275 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : krb5 Date : November 21, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Updated krb5 package fixes security vulnerabily: If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user (CVE-2013-1418). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418 http://advisories.mageia.org/MGASA-2013-0335.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: c6e2a12f9334c9b0861f738e309ef21c mes5/i586/krb5-1.8.1-0.12mdvmes5.2.i586.rpm 099870aeac2424420be5a47718443e88 mes5/i586/krb5-pkinit-openssl-1.8.1-0.12mdvmes5.2.i586.rpm f683b619aed5b347c7d6b92070a86b77 mes5/i586/krb5-server-1.8.1-0.12mdvmes5.2.i586.rpm 369a1ac36bd88019c207aa1982f50753 mes5/i586/krb5-server-ldap-1.8.1-0.12mdvmes5.2.i586.rpm b303c5a842bc235c64cf1521e905bf4e mes5/i586/krb5-workstation-1.8.1-0.12mdvmes5.2.i586.rpm 24b5128661cb61497a8965abfc1b0e43 mes5/i586/libkrb53-1.8.1-0.12mdvmes5.2.i586.rpm f5dba26c5fdf746de303591346b8de63 mes5/i586/libkrb53-devel-1.8.1-0.12mdvmes5.2.i586.rpm 56849bc96afd72468707d055d286ce0a mes5/SRPMS/krb5-1.8.1-0.12mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: aaf04d799c2bb6e9bac4dc9f0c24ba99 mes5/x86_64/krb5-1.8.1-0.12mdvmes5.2.x86_64.rpm 29b3214d94a789911404d03a1e176403 mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.12mdvmes5.2.x86_64.rpm 46ffafde92974ccc43501486b53028db mes5/x86_64/krb5-server-1.8.1-0.12mdvmes5.2.x86_64.rpm 1ad22a59ef287c424f6eaae5cc891365 mes5/x86_64/krb5-server-ldap-1.8.1-0.12mdvmes5.2.x86_64.rpm 63aa45265bc290f807cf14d4aa43843f mes5/x86_64/krb5-workstation-1.8.1-0.12mdvmes5.2.x86_64.rpm c884dcc1f33f1f802c2d8cee153cea85 mes5/x86_64/lib64krb53-1.8.1-0.12mdvmes5.2.x86_64.rpm ff88b48603330887ddf7d7c732600a7e mes5/x86_64/lib64krb53-devel-1.8.1-0.12mdvmes5.2.x86_64.rpm 56849bc96afd72468707d055d286ce0a mes5/SRPMS/krb5-1.8.1-0.12mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 76b585b948b99099d7f4176af973f0fd mbs1/x86_64/krb5-1.9.2-3.4.mbs1.x86_64.rpm 1081705b0e90cf301fe6a709d5f3661f mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.4.mbs1.x86_64.rpm dc28a054d134b3c74d5de881407e8391 mbs1/x86_64/krb5-server-1.9.2-3.4.mbs1.x86_64.rpm 006ede11ef91663f9f03a270110db97a mbs1/x86_64/krb5-server-ldap-1.9.2-3.4.mbs1.x86_64.rpm a86c414f752c1a663a304d8151116d02 mbs1/x86_64/krb5-workstation-1.9.2-3.4.mbs1.x86_64.rpm d1fac5ab68f0f8df723d9d83abcfef78 mbs1/x86_64/lib64krb53-1.9.2-3.4.mbs1.x86_64.rpm 1ec050aa3173941d0e4dbdb501085315 mbs1/x86_64/lib64krb53-devel-1.9.2-3.4.mbs1.x86_64.rpm fb6fa067fd8857905b0433d366470c15 mbs1/SRPMS/krb5-1.9.2-3.4.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSjdSRmqjQ0CJFipgRAvYCAKDOR+UvyukA+sBAuu1ZOHax2R2hhwCfWZbu zrWz2FmnSu0pcKLe+wofc0s= =fank -----END PGP SIGNATURE-----