ELSA-2014-1245

ULN >
Oracle Linux Errata repository >
ELSA-2014-1245

ELSA-2014-1245 - krb5 security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2014-09-17

Description

[1.6.1-78.el5]
- gssapi: pull in upstream fix for a possible NULL dereference in spnego
(CVE-2014-4344, #1121509)

[1.6.1-77.el5]
- fix what appears to be a cosmetic error in the patch for self-tests
for CVE-2014-4341

[1.6.1-76.el5]
- run the backported self-tests, such as they are, for CVE-2014-4341

[1.6.1-75.el5]
- pull in backported fix for denial of service by injection of malformed
GSSAPI tokens (CVE-2014-4341, #1121509)

[1.6.1-74.el5]
- add patch based on one from Filip Krska to not call poll() with a negative
timeout when the caller's intent is for us to just stop calling it (#1089732)

[1.6.1-73.el5]
- incorporate backported upstream patch for remote crash of KDCs which serve
multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800,

[1.6.1-72.el5]
- add part-backported fix to avoid possible use-after-free when encrypting
delegated creds (Jatin Nansi, #1004632)

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 5 (i386)	krb5-1.6.1-78.el5.src.rpm	900820d08e8a4ba83b9fd4aae80f3299	ELSA-2014-1255
	krb5-devel-1.6.1-78.el5.i386.rpm	a2a7f7af2f6df9b5aa386435587f0b4c	ELSA-2014-1255
	krb5-libs-1.6.1-78.el5.i386.rpm	134b9d106cc39f3d929f41ffd5a1fab3	ELSA-2014-1255
	krb5-server-1.6.1-78.el5.i386.rpm	0f339e483ac0a05d1a6c28bfea791167	ELSA-2014-1255
	krb5-server-ldap-1.6.1-78.el5.i386.rpm	5281b66300cc5b6f3b4740eba62f2f47	ELSA-2014-1255
	krb5-workstation-1.6.1-78.el5.i386.rpm	25fe76fc152020c043613041a9644448	ELSA-2014-1255

Oracle Linux 5 (ia64)	krb5-1.6.1-78.el5.src.rpm	900820d08e8a4ba83b9fd4aae80f3299	ELSA-2014-1255
	krb5-devel-1.6.1-78.el5.ia64.rpm	dcff7eb95d2ed096472e6165186b16ac	ELSA-2014-1255
	krb5-libs-1.6.1-78.el5.i386.rpm	134b9d106cc39f3d929f41ffd5a1fab3	ELSA-2014-1255
	krb5-libs-1.6.1-78.el5.ia64.rpm	3fede9815473b907b128ab88a2775d3e	ELSA-2014-1255
	krb5-server-1.6.1-78.el5.ia64.rpm	3d3f3e76fdcc5342a90eee4762b9b711	ELSA-2014-1255
	krb5-server-ldap-1.6.1-78.el5.ia64.rpm	8290b6d37d70b098994fe43f21aed630	ELSA-2014-1255
	krb5-workstation-1.6.1-78.el5.ia64.rpm	13083cd3f213ee9a23486d864ec4273e	ELSA-2014-1255

Oracle Linux 5 (x86_64)	krb5-1.6.1-78.el5.src.rpm	900820d08e8a4ba83b9fd4aae80f3299	ELSA-2014-1255
	krb5-devel-1.6.1-78.el5.i386.rpm	a2a7f7af2f6df9b5aa386435587f0b4c	ELSA-2014-1255
	krb5-devel-1.6.1-78.el5.x86_64.rpm	1411877d78b0a1f949020c2c3cb9c36c	ELSA-2014-1255
	krb5-libs-1.6.1-78.el5.i386.rpm	134b9d106cc39f3d929f41ffd5a1fab3	ELSA-2014-1255
	krb5-libs-1.6.1-78.el5.x86_64.rpm	798b2f203219b3c3f42cf6e170d7d762	ELSA-2014-1255
	krb5-server-1.6.1-78.el5.x86_64.rpm	a23efd2c6af6b1bae7a2d9a2dd6deb60	ELSA-2014-1255
	krb5-server-ldap-1.6.1-78.el5.x86_64.rpm	9203bebf57afafe4d41e886a7adbacdb	ELSA-2014-1255
	krb5-workstation-1.6.1-78.el5.x86_64.rpm	ab81c3324ef8443695a61d479876949d	ELSA-2014-1255

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691