-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:098 http://www.mandriva.com/security/ _______________________________________________________________________ Package : krb5 Date : April 27, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in krb5: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read (CVE-2009-0844). The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer (CVE-2009-0846). The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic (CVE-2009-0847). The updated packages have been patched to correct these issues. Update: krb5 packages for Mandriva Linux Corporate Server 3 and 4 are not affected by CVE-2009-0844 and CVE-2009-0845 _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 8fd37c3b7905d709149e949341a1cef5 2008.1/i586/ftp-client-krb5-1.6.3-6.2mdv2008.1.i586.rpm 5bfecf2eea4e760cabb8fabb99c2319e 2008.1/i586/ftp-server-krb5-1.6.3-6.2mdv2008.1.i586.rpm 2d93da6ed6fa398a4757f054036d5631 2008.1/i586/krb5-1.6.3-6.2mdv2008.1.i586.rpm 32bab4463f4e90f86b5793dc39c44100 2008.1/i586/krb5-server-1.6.3-6.2mdv2008.1.i586.rpm a1530d87332a48cf90e3e52489cebc8a 2008.1/i586/krb5-workstation-1.6.3-6.2mdv2008.1.i586.rpm 7df9ee6615eda87dc94fdc9bf6425b2e 2008.1/i586/libkrb53-1.6.3-6.2mdv2008.1.i586.rpm cf9e0fd5e84e427970aa625b30feb2b4 2008.1/i586/libkrb53-devel-1.6.3-6.2mdv2008.1.i586.rpm 677e51076cec19f129ef56f1cdab8f03 2008.1/i586/telnet-client-krb5-1.6.3-6.2mdv2008.1.i586.rpm 619cb1d107395184eb8affbd0901b189 2008.1/i586/telnet-server-krb5-1.6.3-6.2mdv2008.1.i586.rpm 177a17eaba5c495a99e5db26251dba08 2008.1/SRPMS/krb5-1.6.3-6.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 1679393718e45595011f6b3c55058403 2008.1/x86_64/ftp-client-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm ab83a1b935d84dfb3ed167567286ef44 2008.1/x86_64/ftp-server-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm 5d8c9714a0662f703ce64e2d3ffec248 2008.1/x86_64/krb5-1.6.3-6.2mdv2008.1.x86_64.rpm 564fcc2fa623f51ec0d49db3933002c6 2008.1/x86_64/krb5-server-1.6.3-6.2mdv2008.1.x86_64.rpm 1a6900fa4b8945bac082a655282730ce 2008.1/x86_64/krb5-workstation-1.6.3-6.2mdv2008.1.x86_64.rpm 786d21d01c4605cca4dcc49a644f46cb 2008.1/x86_64/lib64krb53-1.6.3-6.2mdv2008.1.x86_64.rpm efc04ec60d2765f6d988011ab3407472 2008.1/x86_64/lib64krb53-devel-1.6.3-6.2mdv2008.1.x86_64.rpm 0b2818f503dd4aa22688c868b51f1228 2008.1/x86_64/telnet-client-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm 112d154ca517a31fd2a4fa467d5d4e3c 2008.1/x86_64/telnet-server-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm 177a17eaba5c495a99e5db26251dba08 2008.1/SRPMS/krb5-1.6.3-6.2mdv2008.1.src.rpm Mandriva Linux 2009.0: c2cda7b765baa64dbb0f1a7b976a1591 2009.0/i586/ftp-client-krb5-1.6.3-6.2mdv2009.0.i586.rpm 1dda8aa526a297dbc9038f280fa6883c 2009.0/i586/ftp-server-krb5-1.6.3-6.2mdv2009.0.i586.rpm c8ad63842e6e8be0b4a5b5d21e458391 2009.0/i586/krb5-1.6.3-6.2mdv2009.0.i586.rpm bee377a64972f0fcb0b2d31e1d286385 2009.0/i586/krb5-server-1.6.3-6.2mdv2009.0.i586.rpm a83c03666c857e0c88a863dbf15ae526 2009.0/i586/krb5-workstation-1.6.3-6.2mdv2009.0.i586.rpm 17a89f6840ec8f2a60941fec75fba00b 2009.0/i586/libkrb53-1.6.3-6.2mdv2009.0.i586.rpm 4977c8d2353b28501d671b66b44e4133 2009.0/i586/libkrb53-devel-1.6.3-6.2mdv2009.0.i586.rpm cdeef84c6cde6ddf8912718a88e66bf4 2009.0/i586/telnet-client-krb5-1.6.3-6.2mdv2009.0.i586.rpm 1e4906e2d74331a38e29b6b04a0ea8ba 2009.0/i586/telnet-server-krb5-1.6.3-6.2mdv2009.0.i586.rpm 4ad1f1a599a545334c80d9759def48ed 2009.0/SRPMS/krb5-1.6.3-6.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: fdc1779a9c4c7bc31880435fa8afbbb5 2009.0/x86_64/ftp-client-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm ccbde6246adfa07175b5cf2da9809d81 2009.0/x86_64/ftp-server-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm 17662205327ac45a9fcc6ab270a8ef4f 2009.0/x86_64/krb5-1.6.3-6.2mdv2009.0.x86_64.rpm b19fb986950c065345a28e9b8a444ab4 2009.0/x86_64/krb5-server-1.6.3-6.2mdv2009.0.x86_64.rpm a2bba1358dfdfc458782357d805a566b 2009.0/x86_64/krb5-workstation-1.6.3-6.2mdv2009.0.x86_64.rpm 72a6f9be1607868e5d7c10ec8a7d2295 2009.0/x86_64/lib64krb53-1.6.3-6.2mdv2009.0.x86_64.rpm 7956f8bca30bbd637422189606b41e3a 2009.0/x86_64/lib64krb53-devel-1.6.3-6.2mdv2009.0.x86_64.rpm 34b741d881ef3b12905a9d624f4fc901 2009.0/x86_64/telnet-client-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm 59d905047019f89cdd0a04e3bfe0ab14 2009.0/x86_64/telnet-server-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm 4ad1f1a599a545334c80d9759def48ed 2009.0/SRPMS/krb5-1.6.3-6.2mdv2009.0.src.rpm Corporate 3.0: 304218624241e5ce340f6c20534edaac corporate/3.0/i586/ftp-client-krb5-1.3-6.11.C30mdk.i586.rpm 4b2ced385b76878b5eeca08d68cf8741 corporate/3.0/i586/ftp-server-krb5-1.3-6.11.C30mdk.i586.rpm e652820a091fcb438ae0cc973e579dfa corporate/3.0/i586/krb5-server-1.3-6.11.C30mdk.i586.rpm c8136e55b22095692d3de5266e742ec1 corporate/3.0/i586/krb5-workstation-1.3-6.11.C30mdk.i586.rpm 75ef8ea188a73d9c0da28987ba42aa8d corporate/3.0/i586/libkrb51-1.3-6.11.C30mdk.i586.rpm 023862f9970d739299d9653b31d164c2 corporate/3.0/i586/libkrb51-devel-1.3-6.11.C30mdk.i586.rpm c30c68b3c4726e37e010ca816cefe2a7 corporate/3.0/i586/telnet-client-krb5-1.3-6.11.C30mdk.i586.rpm ffd71b666478d27ccc1fc06ad5175a8b corporate/3.0/i586/telnet-server-krb5-1.3-6.11.C30mdk.i586.rpm 4458f2259fef080bbece26f0235f1418 corporate/3.0/SRPMS/krb5-1.3-6.11.C30mdk.src.rpm Corporate 3.0/X86_64: d981c4f2a7925adb6feff0c252f00626 corporate/3.0/x86_64/ftp-client-krb5-1.3-6.11.C30mdk.x86_64.rpm f59125ae3c7d1efa7151c5c8a86a1476 corporate/3.0/x86_64/ftp-server-krb5-1.3-6.11.C30mdk.x86_64.rpm b17ece09b31395a413ae5eeeb5bd32a6 corporate/3.0/x86_64/krb5-server-1.3-6.11.C30mdk.x86_64.rpm fc0b7f2fb95220c1607a72f5c25a45c3 corporate/3.0/x86_64/krb5-workstation-1.3-6.11.C30mdk.x86_64.rpm 156b5df78ec1239559e8720299f679e7 corporate/3.0/x86_64/lib64krb51-1.3-6.11.C30mdk.x86_64.rpm 4635489e850e52abca2df6db7d4a5ebc corporate/3.0/x86_64/lib64krb51-devel-1.3-6.11.C30mdk.x86_64.rpm 49806cab645a6a1d596f5b5a1cedd96c corporate/3.0/x86_64/telnet-client-krb5-1.3-6.11.C30mdk.x86_64.rpm 38fdcdf20d4ef0243fb6dbfe6a7780d5 corporate/3.0/x86_64/telnet-server-krb5-1.3-6.11.C30mdk.x86_64.rpm 4458f2259fef080bbece26f0235f1418 corporate/3.0/SRPMS/krb5-1.3-6.11.C30mdk.src.rpm Corporate 4.0: ab3ccbb8ce757efec2db8132432ae11f corporate/4.0/i586/ftp-client-krb5-1.4.3-5.7.20060mlcs4.i586.rpm 275e178b54b246c15ed10dc723e1920d corporate/4.0/i586/ftp-server-krb5-1.4.3-5.7.20060mlcs4.i586.rpm 7d3baabbf55efbebdef4357d46d350de corporate/4.0/i586/krb5-server-1.4.3-5.7.20060mlcs4.i586.rpm 0ae5311265df889ac567e0100a518eb6 corporate/4.0/i586/krb5-workstation-1.4.3-5.7.20060mlcs4.i586.rpm 70c681507015a10de964bf024abc9654 corporate/4.0/i586/libkrb53-1.4.3-5.7.20060mlcs4.i586.rpm c3d01b1057490701edf645168ec0f0eb corporate/4.0/i586/libkrb53-devel-1.4.3-5.7.20060mlcs4.i586.rpm e8e983e847571dfed35669719abf39be corporate/4.0/i586/telnet-client-krb5-1.4.3-5.7.20060mlcs4.i586.rpm acc59a77acfd6ed95e29bdd1e99f3795 corporate/4.0/i586/telnet-server-krb5-1.4.3-5.7.20060mlcs4.i586.rpm a4c146bd8c32f15d0997a72b7a90e944 corporate/4.0/SRPMS/krb5-1.4.3-5.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 62bbdd34df62287729d1b14ec2ab4d73 corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm 1e948554c70318ce09d4b6392e7b931d corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm bceebd8909400563345b2d282c3b4baf corporate/4.0/x86_64/krb5-server-1.4.3-5.7.20060mlcs4.x86_64.rpm 579beed3249c720a8421a7706d718783 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.7.20060mlcs4.x86_64.rpm 417e35f8f3954181367dca4ee82b5580 corporate/4.0/x86_64/lib64krb53-1.4.3-5.7.20060mlcs4.x86_64.rpm 74fdeb37faf6cba35cc0b071166d08cb corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.7.20060mlcs4.x86_64.rpm 9e0a1ba777a7229ab71ffdb58bea6a88 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm e6c8b6748465b44bed26cc9913f0bc34 corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm a4c146bd8c32f15d0997a72b7a90e944 corporate/4.0/SRPMS/krb5-1.4.3-5.7.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ9a0ZmqjQ0CJFipgRAmKGAJ9/gvDEmpyKrpEICEb2TZ/A8JGjTwCgmGxz A8MpLcIJtfquCFfmrU5PlZQ= =6HOC -----END PGP SIGNATURE-----