ELSA-2010-0258

ELSA-2010-0258 - pam_krb5 security and bug fix update

Type: SECURITY
Severity: LOW
Release Date: 2010-04-05

Description


[2.2.14-15]
- update backport for selecting which key to use for validation so that it
prefers services with the local host name as the instance, from HEAD (more
of #450776)

[2.2.14-14]
- backport the 'multiple_ccaches' option from HEAD, requiring that it
be enabled to not immediately remove an old ccache when asked to create
a new one (#463417)

[2.2.14-13]
- add patch to add the 'chpw_prompt' option, to allow the older behavior
of attempting a password-change during authentication if libkrb5 detects
an expired password, based on patch from Olivier Fourdan (#509092)

[2.2.14-12]
- don't vary the password prompt depending on whether or not the user exists
or is known to the KDC (CVE-2009-1384, #505265)
- prefer using the 'host' service when verifying that a TGT isn't forged,
from HEAD (#450776)

[2.2.14-11]
- don't enforce minimum_uid when no_user_check is also used, from
HEAD (#490404)
- don't try to get password-changing creds with all of the flags set
that we would request for a TGT (#489015)


Related CVEs


CVE-2009-1384

Updated Packages


Release/Architecture      Filename                        MD5sum                            Superseded By Advisory
Oracle Linux 5 (i386)     pam_krb5-2.2.14-15.src.rpm      962c4a690453bb5a982e3944872e2b40  -
                          pam_krb5-2.2.14-15.i386.rpm     96f82f24c0301e24e3ae95c42718ead5  -
Oracle Linux 5 (ia64)     pam_krb5-2.2.14-15.src.rpm      962c4a690453bb5a982e3944872e2b40  -
                          pam_krb5-2.2.14-15.i386.rpm     96f82f24c0301e24e3ae95c42718ead5  -
                          pam_krb5-2.2.14-15.ia64.rpm     ef264307c98312f3529f72f63efa9d0e  -
Oracle Linux 5 (x86_64)   pam_krb5-2.2.14-15.src.rpm      962c4a690453bb5a982e3944872e2b40  -
                          pam_krb5-2.2.14-15.i386.rpm     96f82f24c0301e24e3ae95c42718ead5  -
                          pam_krb5-2.2.14-15.x86_64.rpm   fa44c579749a50a0bcf08c1edaf3773d  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
