-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:082 http://www.mandriva.com/security/ _______________________________________________________________________ Package : krb5 Date : March 30, 2009 Affected: 2008.0, 2008.1, 2009.0 _______________________________________________________________________ Problem Description: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845). This update provides the fix for that security issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5ce18c7f810209979b0d670c989fcdc2 2008.0/i586/ftp-client-krb5-1.6.2-7.2mdv2008.0.i586.rpm 6d58576196a55749c3bdd7157a2ba7e9 2008.0/i586/ftp-server-krb5-1.6.2-7.2mdv2008.0.i586.rpm 9b14295be74bcd2e8ca158703fe574af 2008.0/i586/krb5-1.6.2-7.2mdv2008.0.i586.rpm c6b9a9720d60df5fccb5811e7be1350a 2008.0/i586/krb5-server-1.6.2-7.2mdv2008.0.i586.rpm f0ab1b71b472dee0c7c7d9af32f9fe6e 2008.0/i586/krb5-workstation-1.6.2-7.2mdv2008.0.i586.rpm aec6870df99ff689b0e34e94878bd62e 2008.0/i586/libkrb53-1.6.2-7.2mdv2008.0.i586.rpm 5d3cc34a120ab4e0d5e796ef2cc85e02 2008.0/i586/libkrb53-devel-1.6.2-7.2mdv2008.0.i586.rpm 7efb86a61cd8ce6f16f1df14b05fb76f 2008.0/i586/telnet-client-krb5-1.6.2-7.2mdv2008.0.i586.rpm 5798de6ed5b7e418cc66e863c9d1c25d 2008.0/i586/telnet-server-krb5-1.6.2-7.2mdv2008.0.i586.rpm 4499bdc87bba4214f3a3e50675ad6ce1 2008.0/SRPMS/krb5-1.6.2-7.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: c258b4f264fa004e755c90c4ec03ecd5 2008.0/x86_64/ftp-client-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm 6b2582771b5d8c46041b85451b8f70f4 2008.0/x86_64/ftp-server-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm 0728d70f5053343781ee4d216e6080fa 2008.0/x86_64/krb5-1.6.2-7.2mdv2008.0.x86_64.rpm 08e7f28f6fd18c9cbe613d0785239390 2008.0/x86_64/krb5-server-1.6.2-7.2mdv2008.0.x86_64.rpm f03416152ba0487939fdbc23b60ee054 2008.0/x86_64/krb5-workstation-1.6.2-7.2mdv2008.0.x86_64.rpm fd5d56e93430c0a15ba87dd7950eed28 2008.0/x86_64/lib64krb53-1.6.2-7.2mdv2008.0.x86_64.rpm 3d34e20016be66d98601fa03652ab523 2008.0/x86_64/lib64krb53-devel-1.6.2-7.2mdv2008.0.x86_64.rpm cc07613f6e26f48701d8089a0f15056f 2008.0/x86_64/telnet-client-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm fa8776c1c3a70b301434937f5ba60c9d 2008.0/x86_64/telnet-server-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm 4499bdc87bba4214f3a3e50675ad6ce1 2008.0/SRPMS/krb5-1.6.2-7.2mdv2008.0.src.rpm Mandriva Linux 2008.1: 592aefb75780bf23b1b44f0a40b54da1 2008.1/i586/ftp-client-krb5-1.6.3-6.1mdv2008.1.i586.rpm b21e7612f59bec538c68eacb4688d384 2008.1/i586/ftp-server-krb5-1.6.3-6.1mdv2008.1.i586.rpm 7abf7a73566130cbfc0bd4d25eb4596e 2008.1/i586/krb5-1.6.3-6.1mdv2008.1.i586.rpm 78a7dfeb9dc53cfa7e3bbee6250696d2 2008.1/i586/krb5-server-1.6.3-6.1mdv2008.1.i586.rpm 5471b67366a10ab5de61acfe68d683b1 2008.1/i586/krb5-workstation-1.6.3-6.1mdv2008.1.i586.rpm 9004c8d03615552f687f6f31292fa57e 2008.1/i586/libkrb53-1.6.3-6.1mdv2008.1.i586.rpm 0c0fd6e1aeb4839503d7dda0a167de83 2008.1/i586/libkrb53-devel-1.6.3-6.1mdv2008.1.i586.rpm 1770b94a6e97336541cd72daa2196b01 2008.1/i586/telnet-client-krb5-1.6.3-6.1mdv2008.1.i586.rpm a8949f3aefe925ed5411198a7c7ec211 2008.1/i586/telnet-server-krb5-1.6.3-6.1mdv2008.1.i586.rpm 5d8ec12aeac32033ad66f977ea61f878 2008.1/SRPMS/krb5-1.6.3-6.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 229800b13b28dbd13b032e37032d9342 2008.1/x86_64/ftp-client-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm 3aa80e2ce37b3d5892041314a37247f1 2008.1/x86_64/ftp-server-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm d582b216c833e422b10a884c8b6e82a4 2008.1/x86_64/krb5-1.6.3-6.1mdv2008.1.x86_64.rpm a479750fc340e67888ce78b1774f26e1 2008.1/x86_64/krb5-server-1.6.3-6.1mdv2008.1.x86_64.rpm a457722a46fad670369250761c2747ad 2008.1/x86_64/krb5-workstation-1.6.3-6.1mdv2008.1.x86_64.rpm ce56dff13552bf9937577de0fa492f05 2008.1/x86_64/lib64krb53-1.6.3-6.1mdv2008.1.x86_64.rpm e804e47ddad22d93bc3d5e792097f77c 2008.1/x86_64/lib64krb53-devel-1.6.3-6.1mdv2008.1.x86_64.rpm 618aba8252aed6b011c7e25836242a1b 2008.1/x86_64/telnet-client-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm acb8f57d05dff96485af9763684dead5 2008.1/x86_64/telnet-server-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm 5d8ec12aeac32033ad66f977ea61f878 2008.1/SRPMS/krb5-1.6.3-6.1mdv2008.1.src.rpm Mandriva Linux 2009.0: d2cd9967a894064c2ff33e4c6970b296 2009.0/i586/ftp-client-krb5-1.6.3-6.1mdv2009.0.i586.rpm b476eddeae5bb76df6b5091a2efa6bc8 2009.0/i586/ftp-server-krb5-1.6.3-6.1mdv2009.0.i586.rpm 1c3cfae7f5472af3c74f11ed62024496 2009.0/i586/krb5-1.6.3-6.1mdv2009.0.i586.rpm cbbd5704c0bbc54d022d477185b70380 2009.0/i586/krb5-server-1.6.3-6.1mdv2009.0.i586.rpm 19bf11bf9967c1cdd62634cba5b11554 2009.0/i586/krb5-workstation-1.6.3-6.1mdv2009.0.i586.rpm e55d4e80433f89c4b6a4f44102ab1393 2009.0/i586/libkrb53-1.6.3-6.1mdv2009.0.i586.rpm 6c4aa5674b0a4e0994161a41259d6329 2009.0/i586/libkrb53-devel-1.6.3-6.1mdv2009.0.i586.rpm a12749b4bd1404fad9133e8be4a03092 2009.0/i586/telnet-client-krb5-1.6.3-6.1mdv2009.0.i586.rpm ee48a33cc0415e1f7b8baa62c309a5a0 2009.0/i586/telnet-server-krb5-1.6.3-6.1mdv2009.0.i586.rpm 6b3cb2c6eba23f22c4fa5d641e1d732a 2009.0/SRPMS/krb5-1.6.3-6.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 91674ae49f677de9a3668387298e55c8 2009.0/x86_64/ftp-client-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm 340778bb02e00f90e76a8607d70da274 2009.0/x86_64/ftp-server-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm 06e071f10e53fa4dc98584e83e99f250 2009.0/x86_64/krb5-1.6.3-6.1mdv2009.0.x86_64.rpm e1d71c1315d5c57372bb532849e99238 2009.0/x86_64/krb5-server-1.6.3-6.1mdv2009.0.x86_64.rpm 2c020178838c11639584e0cb78265d96 2009.0/x86_64/krb5-workstation-1.6.3-6.1mdv2009.0.x86_64.rpm f1ff13e8ff000a60a57702c4030eb782 2009.0/x86_64/lib64krb53-1.6.3-6.1mdv2009.0.x86_64.rpm bbd9d17d5c02468ce5e3dfe475a2daf0 2009.0/x86_64/lib64krb53-devel-1.6.3-6.1mdv2009.0.x86_64.rpm 71b14ba1165e4e792e7eaef511c83c14 2009.0/x86_64/telnet-client-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm 17b7bd824ec891d873c5b80a36a6110e 2009.0/x86_64/telnet-server-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm 6b3cb2c6eba23f22c4fa5d641e1d732a 2009.0/SRPMS/krb5-1.6.3-6.1mdv2009.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ0LQpmqjQ0CJFipgRAk6vAKCQHY5us00M/4OiYtqtOlvsMF8jdwCgomXO +I/aQe7vTBMt+TwYLkWTFOQ= =OvhD -----END PGP SIGNATURE-----