Otklonjeni su višestruki sigurnosni nedostaci otkriveni u radu programskog paketa krb5. Spomenute ranjivosti udaljeni napadač može iskoristiti za DoS napad ili eventualno pokretanje proizvoljnog programskog koda.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8784
2012-06-02 23:24:45
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 17
Version     : 1.10
Release     : 7.fc17
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

--------------------------------------------------------------------------------
Update Information:

This update incorporates the upstream fix to correct a possible NULL pointer
dereference in kadmind (CVE-2012-1013).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  1 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.10-7
- pull up the patch to correct a possible NULL pointer dereference in
  kadmind (CVE-2012-1013, #827598)
* Mon May  7 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part
  of #819115)
* Tue Mar 20 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.10-6
- change back dns_lookup_kdc to the default setting (Stef Walter, #805318)
- comment out example.com examples in default krb5.conf (Stef Walter, #805320)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #827517 - CVE-2012-1013 krb5: kadmind denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=827517
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8803
2012-06-02 23:25:54
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 16
Version     : 1.9.3
Release     : 2.fc16
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update incorporates the upstream fix to correct a possible NULL pointer
dereference in kadmind (CVE-2012-1013).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  1 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.3-2
- pull up the patch to correct a possible NULL pointer dereference in
  kadmind (CVE-2012-1013, #827598)
* Mon May  7 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part
  of #819115)
* Thu Mar  8 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.3-1
- update to 1.9.3
  - drop patch for CVE-2011-1530, incorporated upstream
  - drop patch for #756139, incorporated into 1.9 as RT#7007
- when removing -workstation, remove our files from the info index while
  the file is still there, in %preun, rather than %postun, and use the
  compressed file's name (#801035)
* Mon Jan 30 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-6
- add patch to accept keytab entries with vno==0 as matches when we're
  searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)
* Tue Dec 13 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-5
- backport patch for RT#7046: tag a ccache containing credentials obtained via
  S4U2Proxy with the principal name of the proxying principal (part of #761317)
  so that the default principal name can be set to that of the client for which
  it is proxying, which results in the ccache looking more normal to consumers
  of the ccache that don't care that there's proxying going on
- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached
  (more of #761317)
- backport patch for RT#7048: allow PAC verification to only bother trying to
  verify the signature with keys that it's given (still more of #761317)
* Tue Dec  6 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-4
- apply upstream patch to fix a null pointer dereference when processing
  TGS requests (CVE-2011-1530, #753748)
* Wed Nov 30 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-3
- correct a bug in the fix for #754001 so that the file creation context is
  consistently reset
* Tue Nov 22 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-2
- pull patch from trunk so that when computing an HMAC, we don't assume that
  the HMAC output size is the same as the input key length (RT#6994, #756139)
* Tue Nov 15 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-1
- update to 1.9.2, incorporating the recent security update and some of the
  things we were previously backporting, among other fixes
* Tue Nov 15 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-19
- selinux: reset the creation context properly after expunging replay caches
  if they were previously set to the default value (#754001)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #827517 - CVE-2012-1013 krb5: kadmind denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=827517
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8805
2012-06-02 23:26:01
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 15
Version     : 1.9.3
Release     : 2.fc15
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update incorporates the upstream fix to correct a possible NULL pointer
dereference in kadmind (CVE-2012-1013).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  1 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.3-2
- pull up the patch to correct a possible NULL pointer dereference in
  kadmind (CVE-2012-1013, #827598)
* Thu Mar  8 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.3-1
- update to 1.9.3
  - drop patch for CVE-2011-1530, incorporated upstream
  - drop patch for #756139, incorporated into 1.9 as RT#7007
- when removing -workstation, remove our files from the info index while
  the file is still there, in %preun, rather than %postun, and use the
  compressed file's name (#801035)
* Mon Jan 30 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-6
- add patch to accept keytab entries with vno==0 as matches when we're
  searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)
* Mon Jan 30 2012 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-5
- backport patch for RT#7046: tag a ccache containing credentials obtained via
  S4U2Proxy with the principal name of the proxying principal (part of #761317)
  so that the default principal name can be set to that of the client for which
  it is proxying, which results in the ccache looking more normal to consumers
  of the ccache that don't care that there's proxying going on
- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached
  (more of #761317)
- backport patch for RT#7048: allow PAC verification to only bother trying to
  verify the signature with keys that it's given (still more of #761317)
* Tue Dec  6 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-4
- apply upstream patch to fix a null pointer dereference when processing
  TGS requests (CVE-2011-1530, #753748)
* Wed Nov 30 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-3
- correct a bug in the fix for #754001 so that the file creation context is
  consistently reset
* Tue Nov 22 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-2
- pull patch from trunk so that when computing an HMAC, we don't assume that
  the HMAC output size is the same as the input key length (RT#6994, #756139)
* Tue Nov 15 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.2-1
- update to 1.9.2, incorporating the recent security update and some of the
  things we were previously backporting, among other fixes
* Tue Oct 18 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-14
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
  backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb
  backends (CVE-2011-1528), and a null pointer dereference with multiple kdb
  backends (CVE-2011-1529) (#737711)
* Wed Oct 12 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-13
- handle a harder-to-trigger assertion failure that starts cropping up when we
  exit the transmit loop on time (#739853)
* Tue Sep  6 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-12
- pull in upstream patch for RT#6952, confusion following referrals for
  cross-realm auth (#734341)
- pull in build-time deps for the tests
* Thu Sep  1 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-11
- switch to the upstream patch for #727829
* Wed Aug 31 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-10
- handle an assertion failure that starts cropping up when the patch for
  using poll (#701446) meets servers that aren't running KDCs or against
  which the connection fails for other reasons (#727829, #734172)
* Mon Aug  8 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-9
- override the default build rules to not delete temporary y.tab.c files,
  so that they can be packaged, allowing debuginfo files which point to them
  do so usefully (#729044)
* Fri Jul 22 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-8
- build shared libraries with partial RELRO support (#723995)
- filter out potentially multiple instances of -Wl,-z,relro from krb5-config
  output, now that it's in the buildroot's default LDFLAGS
- pull in a patch to fix losing track of the replay cache FD, from SVN by
  way of Kevin Coffman
* Wed Jul 20 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-7
- kadmind.init: drop the attempt to detect no-database-present errors (#723723)
* Tue Jul 19 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-6
- backport fixes to teach libkrb5 to use descriptors higher than FD_SETSIZE
  to talk to a KDC by using poll() if it's detected at compile-time (#701446,
  RT#6905)
* Thu Jun 23 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-5
- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo()
  during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
  not to ask for an IPv6 address based on the set of configured interfaces
  (#717378, RT#6922)
- pull a fix from SVN to use AI_ADDRCONFIG more often (RT#6923)
* Mon Jun 20 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-4
- apply upstream patch by way of Burt Holzman to fall back to a non-referral
  method in cases where we might be derailed by a KDC that rejects the
  canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#715074)
* Tue Jun 14 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-3
- pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating
  using the old protocol over IPv4 again (RT#6920)
* Tue Jun 14 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- incorporate a fix to teach the file labeling bits about when replay caches
  are expunged (#576093)
* Thu May 26 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- switch to the upstream patch for #707145
* Wed May 25 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-2
- klist: don't trip over referral entries when invoked with -s (#707145,
  RT#6915)
* Fri May  6 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- fixup URL in a comment
- when built with NSS, require 3.12.10 rather than 3.12.9
* Thu May  5 2011 Nalin Dahyabhai <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.9.1-1
- update to 1.9.1:
  - drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
    CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #827517 - CVE-2012-1013 krb5: kadmind denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=827517
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce