ELSA-2013-0656

ELSA-2013-0656 - krb5 security update

Type: SECURITY
Severity: MODERATE
Release Date: 2013-03-18

Description


[1.10.3-10.1]
- incorporate upstream patch to fix a NULL pointer dereference when the client
supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909)
- add patch to avoid dereferencing a NULL pointer in the KDC when handling a
draft9 PKINIT request (#917909, CVE-2012-1016)


Related CVEs


CVE-2012-1016
CVE-2013-1415

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 6 (i386) | krb5-1.10.3-10.el6_4.1.src.rpm | b65c518e0af3dd3c78ddd02a61a84f12 | ELSA-2016-0493 |
| | krb5-devel-1.10.3-10.el6_4.1.i686.rpm | 842467afcd01aeca922fa36c77a0cbfd | ELSA-2016-0493 |
| | krb5-libs-1.10.3-10.el6_4.1.i686.rpm | 130a12bec1b459938c40104cf7ec1b8e | ELSA-2016-0493 |
| | krb5-pkinit-openssl-1.10.3-10.el6_4.1.i686.rpm | 789b9494455b1e737f974a8b652ffd0d | ELSA-2016-0493 |
| | krb5-server-1.10.3-10.el6_4.1.i686.rpm | 1014713d760dbe27ec544a55bf489dc1 | ELSA-2016-0493 |
| | krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm | 97a03565016b5302b968c8f71191ba41 | ELSA-2016-0493 |
| | krb5-workstation-1.10.3-10.el6_4.1.i686.rpm | 48079bb8cb168603ea40b63d2f766093 | ELSA-2016-0493 |
| Oracle Linux 6 (x86_64) | krb5-1.10.3-10.el6_4.1.src.rpm | b65c518e0af3dd3c78ddd02a61a84f12 | ELSA-2016-0493 |
| | krb5-devel-1.10.3-10.el6_4.1.i686.rpm | 842467afcd01aeca922fa36c77a0cbfd | ELSA-2016-0493 |
| | krb5-devel-1.10.3-10.el6_4.1.x86_64.rpm | 3984ffa796f1e97b54117f1a5a44d162 | ELSA-2016-0493 |
| | krb5-libs-1.10.3-10.el6_4.1.i686.rpm | 130a12bec1b459938c40104cf7ec1b8e | ELSA-2016-0493 |
| | krb5-libs-1.10.3-10.el6_4.1.x86_64.rpm | d3dc8a67591cfa8edac2338655ebdcec | ELSA-2016-0493 |
| | krb5-pkinit-openssl-1.10.3-10.el6_4.1.x86_64.rpm | ee331cd4fc1d8816203838137dd3f339 | ELSA-2016-0493 |
| | krb5-server-1.10.3-10.el6_4.1.x86_64.rpm | 11973f9322bb04762c155a799d051b91 | ELSA-2016-0493 |
| | krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm | 97a03565016b5302b968c8f71191ba41 | ELSA-2016-0493 |
| | krb5-server-ldap-1.10.3-10.el6_4.1.x86_64.rpm | 008255c3f96192af50cd668843bd7823 | ELSA-2016-0493 |
| | krb5-workstation-1.10.3-10.el6_4.1.x86_64.rpm | 573ea3418eff08cfddaaf273dfb9e457 | ELSA-2016-0493 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.