OVMSA-2016-0039

OVMSA-2016-0039 - krb5 security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2016-03-22

Description

[1.10.3-42z1]
- Fix CVE-2015-8629 and CVE-2015-8631
- Also fix a spec trigger issue that prevents building
- Resolves: #1306973

[1.10.3-42]
- fix for RH bug #1210704 ('Remove stray include in krb5's
localauth_plugin.h'). This unnecessary #include statement
was causing build failures on some systems by making libkrb5
sources depend on gssapi.h (and as result to libcom_err,
too).

[1.10.3-41]
- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy
name crash'

[1.10.3-40]
- fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated
denial of service in recvauth_common() and others'

[1.10.3-39]
- Backout patch #137 for krbdev #7996 ('Simplify and improve
ksu cred verification' - see 1.10.3-36) for now until we
figure out how to get this working.

[1.10.3-38]
- Backported krbdev #7868 ('Use preauth options when changing
password') from krb-1.13 to fix RH bug #1075656 ('krb5
client ignores FAST settings for changepw requests'):
If we try to change the password in
|rb5_get_init_creds_password()|, we must use all
application-specified gic options which affect
preauthentication when getting the kadmin/changepw ticket.
Create a helper function |make_chpw_options()| which copies
the application's options, unsets the options we don't want,
and sets options appropriate for a temporary ticket.

Related CVEs

CVE-2015-8629

CVE-2015-8631

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle VM 3.3 (x86_64)	krb5-1.10.3-42z1.el6_7.src.rpm	510903b52b9d11a371a4c4317351d00d	-
	krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm	55b3b0985bfd81f091646f28c64a097f	-
Oracle VM 3.4 (x86_64)	krb5-1.10.3-42z1.el6_7.src.rpm	510903b52b9d11a371a4c4317351d00d	-
	krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm	55b3b0985bfd81f091646f28c64a097f	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team