-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:006
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : January 14, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in krb5:

 Multiple integer underflows in the (1) AES and (2) RC4 decryption
 functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3
 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause
 a denial of service (daemon crash) or possibly execute arbitrary code
 by providing ciphertext with a length that is too short to be valid
 (CVE-2009-4212).

 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.

 The updated packages have been patched to correct this issue.
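 The bug class described above, shown as an added example (not code from krb5 or from this advisory): a length computed by unsigned subtraction wraps when the ciphertext is shorter than its mandatory fields, and a lower-bound check placed before the subtraction closes it. The function names and the per-enctype overhead constants are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed per-message overhead for this example:
 *   AES: 16-byte confounder + 12-byte truncated HMAC
 *   RC4: 16-byte checksum   +  8-byte confounder */
enum enctype { ENC_AES, ENC_RC4 };

static size_t overhead(enum enctype e)
{
    return e == ENC_AES ? 16 + 12 : 16 + 8;
}

/* Flawed pattern: unsigned subtraction with no lower bound. A ciphertext
 * shorter than the overhead wraps around to a huge size_t, which would
 * then drive buffer sizes, copies or loops. */
size_t plain_len_unchecked(enum enctype e, size_t cipher_len)
{
    return cipher_len - overhead(e);
}

/* Hardened pattern: reject too-short input before subtracting.
 * Returns 0 and stores the payload length, or -1 without touching *out. */
int plain_len_checked(enum enctype e, size_t cipher_len, size_t *out)
{
    size_t need = overhead(e);

    if (out == NULL || cipher_len < need)
        return -1;
    *out = cipher_len - need;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths: two too short, two long enough. */
    const size_t samples[] = { 0, 10, 28, 64 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        int rc = plain_len_checked(ENC_AES, samples[i], &n);
        printf("len=%zu unchecked=%zu checked=%s (%zu)\n", samples[i],
               plain_len_unchecked(ENC_AES, samples[i]),
               rc == 0 ? "ok" : "rejected", n);
    }
    return 0;
}
```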
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLTlEsmqjQ0CJFipgRAnCcAJ0b0JhMdewhYqHwbTvOjCC6nZsZ3wCdHcmw
Ac0nN6ORevU6+zoGxZNiXL4=
=dKt1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/