<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2007:077-1 ] - Updated krb5 packages fix vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2007:077-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : krb5
 Date    : April 10, 2007
 Affected: 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in the username handling of the MIT krb5
 telnet daemon.  A remote attacker that could access the telnet port
 of a target machine could login as root without requiring a password
 (CVE-2007-0956).
 
 Buffer overflows in the kadmin server daemon were discovered that could
 be exploited by a remote attacker able to access the KDC.  Successful
 exploitation could allow for the execution of arbitrary code with
 the privileges of the KDC or kadmin server processes (CVE-2007-0957).
 
 Finally, a double-free flaw was discovered in the GSSAPI library used
 by the kadmin server daemon, which could lead to a denial of service
 condition or the execution of arbitrary code with the privileges of
 the KDC or kadmin server processes (CVE-2007-1216).
 
 Updated packages have been patched to address this issue.

 Update:

 Packages for Mandriva Linux 2007.1 are now available.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 5eae0ebe3be9e580c1c19ee041c9d72f  
2007.1/i586/ftp-client-krb5-1.5.2-6.1mdv2007.1.i586.rpm
 83dd6a9c403f9ea3bc32a40a64c98fbf  
2007.1/i586/ftp-server-krb5-1.5.2-6.1mdv2007.1.i586.rpm
 7fc832a70c77923aeec52cd309ee9c6f  
2007.1/i586/krb5-server-1.5.2-6.1mdv2007.1.i586.rpm
 e54a01775aa24a1d9a08090b62b59a6c  
2007.1/i586/krb5-workstation-1.5.2-6.1mdv2007.1.i586.rpm
 cfeabf699713ff757eb646ab681a6acc  
2007.1/i586/libkrb53-1.5.2-6.1mdv2007.1.i586.rpm
 c3bf54b449ec81b27a7ca5a41dff9a7a  
2007.1/i586/libkrb53-devel-1.5.2-6.1mdv2007.1.i586.rpm
 801cd83b96ebcd8f3ca425543f1f63a5  
2007.1/i586/telnet-client-krb5-1.5.2-6.1mdv2007.1.i586.rpm
 0568ed507d58f76302071b197d9523cc  
2007.1/i586/telnet-server-krb5-1.5.2-6.1mdv2007.1.i586.rpm 
 5e774ba6ce43122995ac39c43164d092  2007.1/SRPMS/krb5-1.5.2-6.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 392287e6ad669fd9321a9de1c85796d8  
2007.1/x86_64/ftp-client-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
 68349333c7611dee78c814ea4fc2d9f2  
2007.1/x86_64/ftp-server-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
 a651024d2b42bc67033287e6795db6b5  
2007.1/x86_64/krb5-server-1.5.2-6.1mdv2007.1.x86_64.rpm
 28cd0236420330bb839b8e39ef2949c2  
2007.1/x86_64/krb5-workstation-1.5.2-6.1mdv2007.1.x86_64.rpm
 690eb27a9d90ab5319f70ea8f7326be4  
2007.1/x86_64/lib64krb53-1.5.2-6.1mdv2007.1.x86_64.rpm
 058d267b757c9ba63200e26f258100c3  
2007.1/x86_64/lib64krb53-devel-1.5.2-6.1mdv2007.1.x86_64.rpm
 d1bed5a3c84f0cc3e96d4760faa33477  
2007.1/x86_64/telnet-client-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
 ee1b6269c10f066d8fbd6ee2d0c2c818  
2007.1/x86_64/telnet-server-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm 
 5e774ba6ce43122995ac39c43164d092  2007.1/SRPMS/krb5-1.5.2-6.1mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGG7qamqjQ0CJFipgRAjfTAJ9K1VRtkQ2skYjvi7naSjK9eutG7QCePO6q
2lqHNQT39QthWcVG2K4h5cY=
=0Xpg
-----END PGP SIGNATURE-----