ELSA-2014-1245

ELSA-2014-1245 - krb5 security and bug fix update

Type: SECURITY
Severity: MODERATE
Release Date: 2014-09-17

Description


[1.6.1-78.el5]
- gssapi: pull in upstream fix for a possible NULL dereference in spnego
(CVE-2014-4344, #1121509)

[1.6.1-77.el5]
- fix what appears to be a cosmetic error in the patch for self-tests
for CVE-2014-4341

[1.6.1-76.el5]
- run the backported self-tests, such as they are, for CVE-2014-4341

[1.6.1-75.el5]
- pull in backported fix for denial of service by injection of malformed
GSSAPI tokens (CVE-2014-4341, #1121509)

[1.6.1-74.el5]
- add patch based on one from Filip Krska to not call poll() with a negative
timeout when the caller's intent is for us to just stop calling it (#1089732)

[1.6.1-73.el5]
- incorporate backported upstream patch for remote crash of KDCs which serve
multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800,

[1.6.1-72.el5]
- add part-backported fix to avoid possible use-after-free when encrypting
delegated creds (Jatin Nansi, #1004632)


Related CVEs


CVE-2013-1418
CVE-2013-6800
CVE-2014-4341
CVE-2014-4344

Updated Packages


Release/Architecture     Filename                                  MD5sum                            Superseded By Advisory
Oracle Linux 5 (i386)    krb5-1.6.1-78.el5.src.rpm                 900820d08e8a4ba83b9fd4aae80f3299  ELSA-2014-1255
                         krb5-devel-1.6.1-78.el5.i386.rpm          a2a7f7af2f6df9b5aa386435587f0b4c  ELSA-2014-1255
                         krb5-libs-1.6.1-78.el5.i386.rpm           134b9d106cc39f3d929f41ffd5a1fab3  ELSA-2014-1255
                         krb5-server-1.6.1-78.el5.i386.rpm         0f339e483ac0a05d1a6c28bfea791167  ELSA-2014-1255
                         krb5-server-ldap-1.6.1-78.el5.i386.rpm    5281b66300cc5b6f3b4740eba62f2f47  ELSA-2014-1255
                         krb5-workstation-1.6.1-78.el5.i386.rpm    25fe76fc152020c043613041a9644448  ELSA-2014-1255
Oracle Linux 5 (ia64)    krb5-1.6.1-78.el5.src.rpm                 900820d08e8a4ba83b9fd4aae80f3299  ELSA-2014-1255
                         krb5-devel-1.6.1-78.el5.ia64.rpm          dcff7eb95d2ed096472e6165186b16ac  ELSA-2014-1255
                         krb5-libs-1.6.1-78.el5.i386.rpm           134b9d106cc39f3d929f41ffd5a1fab3  ELSA-2014-1255
                         krb5-libs-1.6.1-78.el5.ia64.rpm           3fede9815473b907b128ab88a2775d3e  ELSA-2014-1255
                         krb5-server-1.6.1-78.el5.ia64.rpm         3d3f3e76fdcc5342a90eee4762b9b711  ELSA-2014-1255
                         krb5-server-ldap-1.6.1-78.el5.ia64.rpm    8290b6d37d70b098994fe43f21aed630  ELSA-2014-1255
                         krb5-workstation-1.6.1-78.el5.ia64.rpm    13083cd3f213ee9a23486d864ec4273e  ELSA-2014-1255
Oracle Linux 5 (x86_64)  krb5-1.6.1-78.el5.src.rpm                 900820d08e8a4ba83b9fd4aae80f3299  ELSA-2014-1255
                         krb5-devel-1.6.1-78.el5.i386.rpm          a2a7f7af2f6df9b5aa386435587f0b4c  ELSA-2014-1255
                         krb5-devel-1.6.1-78.el5.x86_64.rpm        1411877d78b0a1f949020c2c3cb9c36c  ELSA-2014-1255
                         krb5-libs-1.6.1-78.el5.i386.rpm           134b9d106cc39f3d929f41ffd5a1fab3  ELSA-2014-1255
                         krb5-libs-1.6.1-78.el5.x86_64.rpm         798b2f203219b3c3f42cf6e170d7d762  ELSA-2014-1255
                         krb5-server-1.6.1-78.el5.x86_64.rpm       a23efd2c6af6b1bae7a2d9a2dd6deb60  ELSA-2014-1255
                         krb5-server-ldap-1.6.1-78.el5.x86_64.rpm  9203bebf57afafe4d41e886a7adbacdb  ELSA-2014-1255
                         krb5-workstation-1.6.1-78.el5.x86_64.rpm  ab81c3324ef8443695a61d479876949d  ELSA-2014-1255



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team