-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:025 http://www.mandriva.com/security/ _______________________________________________________________________ Package : krb5 Date : January 9, 2011 Affected: 2010.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered and corrected in krb5: The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC (CVE-2010-4022). The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers (CVE-2011-0281, CVE-2011-0282). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 4257cc617b96c71c95256eab33442bc2 2010.1/i586/krb5-1.8.1-5.3mdv2010.2.i586.rpm 025655b729ac32712c54f801849e93c2 2010.1/i586/krb5-pkinit-openssl-1.8.1-5.3mdv2010.2.i586.rpm b690a8719f533a29ae7f92397b8c89fd 2010.1/i586/krb5-server-1.8.1-5.3mdv2010.2.i586.rpm 60cf99234bd79802947425404eb4493b 2010.1/i586/krb5-server-ldap-1.8.1-5.3mdv2010.2.i586.rpm adab88a879966d2a0daf4d17bfd288fc 2010.1/i586/krb5-workstation-1.8.1-5.3mdv2010.2.i586.rpm a481d252c831d40de9d7ccf00403105e 2010.1/i586/libkrb53-1.8.1-5.3mdv2010.2.i586.rpm b031d51a205194decf50c5187e0d0e50 2010.1/i586/libkrb53-devel-1.8.1-5.3mdv2010.2.i586.rpm a2e5bcabf3633d6f32c214b03f1252eb 2010.1/SRPMS/krb5-1.8.1-5.3mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 586ecee11e45dc3266f172a58169a945 2010.1/x86_64/krb5-1.8.1-5.3mdv2010.2.x86_64.rpm d9418b6bfe4aff10c9de32d08a4cd4fc 2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.3mdv2010.2.x86_64.rpm 31a9d6629d25eea120fbd11853e25e0c 2010.1/x86_64/krb5-server-1.8.1-5.3mdv2010.2.x86_64.rpm 7fd34307e298b4f47970d3c77851ecdb 2010.1/x86_64/krb5-server-ldap-1.8.1-5.3mdv2010.2.x86_64.rpm 42552d1978fc6e66c3d7138da59b103d 2010.1/x86_64/krb5-workstation-1.8.1-5.3mdv2010.2.x86_64.rpm 362506d043aa087dcb743a0a3aa4f687 2010.1/x86_64/lib64krb53-1.8.1-5.3mdv2010.2.x86_64.rpm f5f376d22fe98cdb7ec542c9a917873a 2010.1/x86_64/lib64krb53-devel-1.8.1-5.3mdv2010.2.x86_64.rpm a2e5bcabf3633d6f32c214b03f1252eb 2010.1/SRPMS/krb5-1.8.1-5.3mdv2010.2.src.rpm Mandriva Enterprise Server 5: 9195a6f446623619ecca9433108b8ce2 mes5/i586/krb5-1.8.1-0.4mdvmes5.1.i586.rpm d0de4724705b78ebaccdc0f1e332bdc0 mes5/i586/krb5-pkinit-openssl-1.8.1-0.4mdvmes5.1.i586.rpm c573a00957ba2f5c9f813bf66d2639b6 mes5/i586/krb5-server-1.8.1-0.4mdvmes5.1.i586.rpm d8e5bb51f39680e0e034864f3c7ab389 mes5/i586/krb5-server-ldap-1.8.1-0.4mdvmes5.1.i586.rpm a6d37c289467daf9ec6be7386fd08804 mes5/i586/krb5-workstation-1.8.1-0.4mdvmes5.1.i586.rpm 5fe3268dc275b2255503b45b9dad1710 mes5/i586/libkrb53-1.8.1-0.4mdvmes5.1.i586.rpm 9fa6291f9bcf123e151743681c197e20 mes5/i586/libkrb53-devel-1.8.1-0.4mdvmes5.1.i586.rpm f3636ce525a3743da670335fad739b4d mes5/SRPMS/krb5-1.8.1-0.4mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: e8f92b4b8d9e80929bc40df9398e7407 mes5/x86_64/krb5-1.8.1-0.4mdvmes5.1.x86_64.rpm c7c9cc07256630ad3580ac8af6fd1731 mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.4mdvmes5.1.x86_64.rpm da836bd502a81c68e486a59e0dc59576 mes5/x86_64/krb5-server-1.8.1-0.4mdvmes5.1.x86_64.rpm 1b4f41d239d1e17b460711961a4be093 mes5/x86_64/krb5-server-ldap-1.8.1-0.4mdvmes5.1.x86_64.rpm 0f63908285e6aba326b1af6b40456385 mes5/x86_64/krb5-workstation-1.8.1-0.4mdvmes5.1.x86_64.rpm a8d6ded793ecdfd542557a2ce625f212 mes5/x86_64/lib64krb53-1.8.1-0.4mdvmes5.1.x86_64.rpm 3ad9fe51b83ba903dd347aae73bd8e09 mes5/x86_64/lib64krb53-devel-1.8.1-0.4mdvmes5.1.x86_64.rpm f3636ce525a3743da670335fad739b4d mes5/SRPMS/krb5-1.8.1-0.4mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNUp/qmqjQ0CJFipgRAg0nAJwO+ObUmGm8k1KR4skSGzTYl8SYCACeIiio Qpo7J6nxtEPLAtCuOk53zwk= =TsGk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/