OVMSA-2016-0039 - krb5 security update
Type: SECURITY
Severity: MODERATE
Release Date: 2016-03-22
Description
[1.10.3-42z1]
- Fix CVE-2015-8629 and CVE-2015-8631
- Also fix a spec trigger issue that prevents building
- Resolves: #1306973
[1.10.3-42]
- fix for RH bug #1210704 ('Remove stray include in krb5's
localauth_plugin.h'). This unnecessary #include statement
was causing build failures on some systems by making libkrb5
sources depend on gssapi.h (and as a result on libcom_err,
too).
[1.10.3-41]
- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy
name crash'
[1.10.3-40]
- fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated
denial of service in recvauth_common() and others'
[1.10.3-39]
- Backout patch #137 for krbdev #7996 ('Simplify and improve
ksu cred verification' - see 1.10.3-36) for now until we
figure out how to get this working.
[1.10.3-38]
- Backported krbdev #7868 ('Use preauth options when changing
password') from krb-1.13 to fix RH bug #1075656 ('krb5
client ignores FAST settings for changepw requests'):
If we try to change the password in
|krb5_get_init_creds_password()|, we must use all
application-specified gic options which affect
preauthentication when getting the kadmin/changepw ticket.
Create a helper function |make_chpw_options()| which copies
the application's options, unsets the options we don't want,
and sets options appropriate for a temporary ticket.
Related CVEs
Updated Packages
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
Oracle VM 3.3 (x86_64) | krb5-1.10.3-42z1.el6_7.src.rpm | 510903b52b9d11a371a4c4317351d00d | - |
Oracle VM 3.3 (x86_64) | krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm | 55b3b0985bfd81f091646f28c64a097f | - |
Oracle VM 3.4 (x86_64) | krb5-1.10.3-42z1.el6_7.src.rpm | 510903b52b9d11a371a4c4317351d00d | - |
Oracle VM 3.4 (x86_64) | krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm | 55b3b0985bfd81f091646f28c64a097f | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.