-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:024 http://www.mandriva.com/security/ _______________________________________________________________________ Package : krb5 Date : January 9, 2011 Affected: 2009.0, 2010.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered and corrected in krb5: The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers (CVE-2011-0281, CVE-2011-0282). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a19b45095a4c3a3325a23a98c9b62123 2009.0/i586/ftp-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm 62ee1d7005c6fecc20f43d50773a8ab0 2009.0/i586/ftp-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm 4a670066b022ca0d1e780e535b5dad34 2009.0/i586/krb5-1.6.3-6.7mdv2009.0.i586.rpm 27479079f1205258ebf1a95cde9c72c4 2009.0/i586/krb5-server-1.6.3-6.7mdv2009.0.i586.rpm 2b8bc1f146ae12947eb0d66571e71b6c 2009.0/i586/krb5-workstation-1.6.3-6.7mdv2009.0.i586.rpm 19fdf51bf9e901e42f59ca9e6e98f467 2009.0/i586/libkrb53-1.6.3-6.7mdv2009.0.i586.rpm d605d6a2482a43395f7099900bff82f2 2009.0/i586/libkrb53-devel-1.6.3-6.7mdv2009.0.i586.rpm 462f1389fe4095a4c4f0f6207672f2f3 2009.0/i586/telnet-client-krb5-1.6.3-6.7mdv2009.0.i586.rpm 296db9f5769dde078cb94e6e0d82095a 2009.0/i586/telnet-server-krb5-1.6.3-6.7mdv2009.0.i586.rpm 2bad38c6316246a6dc19064862355946 2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 874d1f1e9d08f0fd037dafb02f27e25a 2009.0/x86_64/ftp-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm 809e11d3f613310a554cc410b265340a 2009.0/x86_64/ftp-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm 1cba00d3b76c822327e475f65b8eb297 2009.0/x86_64/krb5-1.6.3-6.7mdv2009.0.x86_64.rpm 2cec696b37dca1c6838f22e6d15be960 2009.0/x86_64/krb5-server-1.6.3-6.7mdv2009.0.x86_64.rpm 2e5224b06920992dd089155524f59a84 2009.0/x86_64/krb5-workstation-1.6.3-6.7mdv2009.0.x86_64.rpm cc71b41dd2694b64ae0bd0a29f5901ae 2009.0/x86_64/lib64krb53-1.6.3-6.7mdv2009.0.x86_64.rpm 570353d6ce78ce9df326002439caec90 2009.0/x86_64/lib64krb53-devel-1.6.3-6.7mdv2009.0.x86_64.rpm fac2a3ec4699ea5468edd525581c176c 2009.0/x86_64/telnet-client-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm c6101ff519432a473fe54813dee91920 2009.0/x86_64/telnet-server-krb5-1.6.3-6.7mdv2009.0.x86_64.rpm 2bad38c6316246a6dc19064862355946 2009.0/SRPMS/krb5-1.6.3-6.7mdv2009.0.src.rpm Mandriva Linux 2010.0: d5b2da171f65a6b7ac3e60e01e4d1712 2010.0/i586/ftp-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm 27ae96d163768f10187a40eca4f754d2 2010.0/i586/ftp-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm 498c4f101072718c07c2b7639d9d814d 2010.0/i586/krb5-1.6.3-10.5mdv2010.0.i586.rpm afdbc93b50cb27f0cede08efc9e3bc61 2010.0/i586/krb5-server-1.6.3-10.5mdv2010.0.i586.rpm 6f8b0b82cb75fdf87f25eb123a65fdcf 2010.0/i586/krb5-workstation-1.6.3-10.5mdv2010.0.i586.rpm 4273fddffc5937d7b026051eb7078a6d 2010.0/i586/libkrb53-1.6.3-10.5mdv2010.0.i586.rpm 65b924acbef7b5c7d1c5cfee4b050f89 2010.0/i586/libkrb53-devel-1.6.3-10.5mdv2010.0.i586.rpm 1c2d6cbdcffb7a34fb8ad3771d5ca037 2010.0/i586/telnet-client-krb5-1.6.3-10.5mdv2010.0.i586.rpm 3b562494dcadb73e4b92ce1f3e028c82 2010.0/i586/telnet-server-krb5-1.6.3-10.5mdv2010.0.i586.rpm ba422d1791aa61edbd91c90e544e216b 2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 893e5137d26a641a661495f8faa9d0f5 2010.0/x86_64/ftp-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm 086f6d9a7614e866c813da5d3d92fde7 2010.0/x86_64/ftp-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm 3402310b1f1717057f09ee11985d4aa6 2010.0/x86_64/krb5-1.6.3-10.5mdv2010.0.x86_64.rpm e0ec3c4ef7ac973fa938152aaaf53a29 2010.0/x86_64/krb5-server-1.6.3-10.5mdv2010.0.x86_64.rpm 499e66ced99df6f4bc037abccb80e025 2010.0/x86_64/krb5-workstation-1.6.3-10.5mdv2010.0.x86_64.rpm 125db3395bdf7efeaccf1316e6ed82d3 2010.0/x86_64/lib64krb53-1.6.3-10.5mdv2010.0.x86_64.rpm e76d507737e1f700a1525465e0521ddd 2010.0/x86_64/lib64krb53-devel-1.6.3-10.5mdv2010.0.x86_64.rpm 445d12b6d5a017d1d7be171c405177e6 2010.0/x86_64/telnet-client-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm 4f70e288a102af2b67738fad436715fc 2010.0/x86_64/telnet-server-krb5-1.6.3-10.5mdv2010.0.x86_64.rpm ba422d1791aa61edbd91c90e544e216b 2010.0/SRPMS/krb5-1.6.3-10.5mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNUo9BmqjQ0CJFipgRAmMoAKDFB46juPm6JexkKwC8TD5inxiIrQCfRra9 +o6dlSIfW5r4AX2DNw/cjdA= =R4xv -----END PGP SIGNATURE-----