-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:098-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : krb5 Date : December 8, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in krb5: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read (CVE-2009-0844). The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845). The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer (CVE-2009-0846). The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic (CVE-2009-0847). The updated packages have been patched to correct these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 76c92a66601230990ff6281c42067749 2008.0/i586/ftp-client-krb5-1.6.2-7.3mdv2008.0.i586.rpm 218e4da0c92e594074dc3fbcd27cb3d7 2008.0/i586/ftp-server-krb5-1.6.2-7.3mdv2008.0.i586.rpm 1051b34f188f5a2606d9ab8a1f126670 2008.0/i586/krb5-1.6.2-7.3mdv2008.0.i586.rpm c221a8252b9fd218a813c6a0bff93d6f 2008.0/i586/krb5-server-1.6.2-7.3mdv2008.0.i586.rpm 7a247e309408dd0b71359f39caf1b7f6 2008.0/i586/krb5-workstation-1.6.2-7.3mdv2008.0.i586.rpm a97f9c43d1eefab82742884db15d5bbc 2008.0/i586/libkrb53-1.6.2-7.3mdv2008.0.i586.rpm 27dd46df53ff045324a034d0ca82d49c 2008.0/i586/libkrb53-devel-1.6.2-7.3mdv2008.0.i586.rpm 431452767e975eb64cc6cd247063d37c 2008.0/i586/telnet-client-krb5-1.6.2-7.3mdv2008.0.i586.rpm aaba3becaf596303a3c13971791c2754 2008.0/i586/telnet-server-krb5-1.6.2-7.3mdv2008.0.i586.rpm 53c1386ea4b5df817c291036c0b87c87 2008.0/SRPMS/krb5-1.6.2-7.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: e2f5fe97c5378b7289f82e91bdd6bddd 2008.0/x86_64/ftp-client-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm a08df3ac4dca4acdf206319a3719fbdd 2008.0/x86_64/ftp-server-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm 885d1a0531dfb0cf76caa7c4ff3fe18e 2008.0/x86_64/krb5-1.6.2-7.3mdv2008.0.x86_64.rpm 039ee08d160d7e69d08bada9094b97a3 2008.0/x86_64/krb5-server-1.6.2-7.3mdv2008.0.x86_64.rpm 9b38bbdf14e5497210fc089f557e95e1 2008.0/x86_64/krb5-workstation-1.6.2-7.3mdv2008.0.x86_64.rpm a0c7e0644a2003de2c0b9c9950732aa4 2008.0/x86_64/lib64krb53-1.6.2-7.3mdv2008.0.x86_64.rpm 5ba2c89f29763d83566c6fef282b739b 2008.0/x86_64/lib64krb53-devel-1.6.2-7.3mdv2008.0.x86_64.rpm ecda67b1be41c463bef90354ded0915f 2008.0/x86_64/telnet-client-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm 500a7f81e1be11f4b5100f231035e819 2008.0/x86_64/telnet-server-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm 53c1386ea4b5df817c291036c0b87c87 2008.0/SRPMS/krb5-1.6.2-7.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLHneQmqjQ0CJFipgRAiufAJ4+LNorMYEk9enGwlPtLnnzjMc8zACbBCW1 V+QcAY7lO0qyPBjOe2tWP10= =kA3r -----END PGP SIGNATURE-----