Ranjivost paketa krb5

Ispravljena je sigurnosna ranjivost otkrivena u radu paketa krb5 koja može uzrokovati uskraćivanje usluge (eng. Denial of Service).

Paket:	krb 5.x
Operacijski sustavi:	Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	lokalno/udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-1013
Izvorni ID preporuke:	MDVSA-2012:102
Izvor:	Mandriva

Problem:
Ranjivost se javlja zbog dereferenciranja pokazivača unutar komponente "kadmind".
Posljedica:
Zlonamjerni korisnik s većim privilegijama bi mogao iskoristiti propust za izvršavanje DoS napada.
Rješenje:
Svim se korisnicima, u svrhu zaštite, savjetuje instalacija najnovijih nadogradnji.

Izvorni tekst preporuke

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:102
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : July 6, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in krb5:
 
 Fix a kadmind denial of service issue (null pointer dereference),
 which could only be triggered by an administrator with the create
 privilege (CVE-2012-1013).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 1175a2115b82a645413fcabe5cb71f70  2010.1/i586/krb5-1.8.1-5.7mdv2010.2.i586.rpm
 e5ac2389b258577b59514a7a16063227 
2010.1/i586/krb5-pkinit-openssl-1.8.1-5.7mdv2010.2.i586.rpm
 8ee366b386f58a5f29ad28890e3b3413 
2010.1/i586/krb5-server-1.8.1-5.7mdv2010.2.i586.rpm
 a6b3a278f170057a70e046023f18c155 
2010.1/i586/krb5-server-ldap-1.8.1-5.7mdv2010.2.i586.rpm
 5aa836c1da611a4cd8f095bdd5b28717 
2010.1/i586/krb5-workstation-1.8.1-5.7mdv2010.2.i586.rpm
 11dc88b663661efa1132797f9c05761d 
2010.1/i586/libkrb53-1.8.1-5.7mdv2010.2.i586.rpm
 0dcb87015e7bd3e96800aadcab29bba5 
2010.1/i586/libkrb53-devel-1.8.1-5.7mdv2010.2.i586.rpm 
 052b607d6ea19fd3d66b84a75c04f7e6  2010.1/SRPMS/krb5-1.8.1-5.7mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 68805dbdfdde01d47d8fc27ab895144e 
2010.1/x86_64/krb5-1.8.1-5.7mdv2010.2.x86_64.rpm
 989661661a97f251545f5ee808a314c6 
2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.7mdv2010.2.x86_64.rpm
 6aa59d2c09d12e1a720bc474a0eeeaaf 
2010.1/x86_64/krb5-server-1.8.1-5.7mdv2010.2.x86_64.rpm
 c3337bb7d19cb6aa706c44902eb0d2ec 
2010.1/x86_64/krb5-server-ldap-1.8.1-5.7mdv2010.2.x86_64.rpm
 84f2946439c82482844f6e0893ce19f1 
2010.1/x86_64/krb5-workstation-1.8.1-5.7mdv2010.2.x86_64.rpm
 60299d66703a7112f11a2663fc09edcf 
2010.1/x86_64/lib64krb53-1.8.1-5.7mdv2010.2.x86_64.rpm
 6bea584af11149070818f884f5d312b6 
2010.1/x86_64/lib64krb53-devel-1.8.1-5.7mdv2010.2.x86_64.rpm 
 052b607d6ea19fd3d66b84a75c04f7e6  2010.1/SRPMS/krb5-1.8.1-5.7mdv2010.2.src.rpm

 Mandriva Linux 2011:
 a8d4bd01471bba983f8a0110d3710716  2011/i586/krb5-1.9.1-1.3-mdv2011.0.i586.rpm
 efb2ea866b62de3ae05d1f3b7ec215da 
2011/i586/krb5-pkinit-openssl-1.9.1-1.3-mdv2011.0.i586.rpm
 2403bc6016e27189a5b1279b9fa36a91 
2011/i586/krb5-server-1.9.1-1.3-mdv2011.0.i586.rpm
 ad5d818c9346d69db175291a1c089056 
2011/i586/krb5-server-ldap-1.9.1-1.3-mdv2011.0.i586.rpm
 226bc0f073d3a6cbf8045c49f0afbe14 
2011/i586/krb5-workstation-1.9.1-1.3-mdv2011.0.i586.rpm
 acf3849720c9cc90246fb5c171b2af67 
2011/i586/libkrb53-1.9.1-1.3-mdv2011.0.i586.rpm
 b5592a358e88d5330dffcd2784f113db 
2011/i586/libkrb53-devel-1.9.1-1.3-mdv2011.0.i586.rpm 
 8444bf31b0ddf8ad23768d79bf69a2a8  2011/SRPMS/krb5-1.9.1-1.3.src.rpm

 Mandriva Linux 2011/X86_64:
 8e2cb70c3064945a5bb01e946b93720a 
2011/x86_64/krb5-1.9.1-1.3-mdv2011.0.x86_64.rpm
 8df8bb54172a0070ad770a2bf97d1c74 
2011/x86_64/krb5-pkinit-openssl-1.9.1-1.3-mdv2011.0.x86_64.rpm
 c4ad3af421de33b7d330d340d0556f91 
2011/x86_64/krb5-server-1.9.1-1.3-mdv2011.0.x86_64.rpm
 545fc63143f4e45639908a39f49c1f40 
2011/x86_64/krb5-server-ldap-1.9.1-1.3-mdv2011.0.x86_64.rpm
 531353da8c826397adab7a902d577ed2 
2011/x86_64/krb5-workstation-1.9.1-1.3-mdv2011.0.x86_64.rpm
 f64777b5ff24e62a3faae65161fc7102 
2011/x86_64/lib64krb53-1.9.1-1.3-mdv2011.0.x86_64.rpm
 f5f700c716fd7c62c4a7cc44ca5aca13 
2011/x86_64/lib64krb53-devel-1.9.1-1.3-mdv2011.0.x86_64.rpm 
 8444bf31b0ddf8ad23768d79bf69a2a8  2011/SRPMS/krb5-1.9.1-1.3.src.rpm

 Mandriva Enterprise Server 5:
 98fa3187ade33c8dcc63604c6ebc02ce  mes5/i586/krb5-1.8.1-0.8mdvmes5.2.i586.rpm
 b509b9b7b2138a6e9b058bb991e1d6e2 
mes5/i586/krb5-pkinit-openssl-1.8.1-0.8mdvmes5.2.i586.rpm
 3ba432fe4f3c1ae79146d44241002551 
mes5/i586/krb5-server-1.8.1-0.8mdvmes5.2.i586.rpm
 330e1002801b9d21d1b8d3bae8ba860c 
mes5/i586/krb5-server-ldap-1.8.1-0.8mdvmes5.2.i586.rpm
 fec59596107996bffaede76be60621de 
mes5/i586/krb5-workstation-1.8.1-0.8mdvmes5.2.i586.rpm
 5ae5bdbee59e6367406648ca3bd2933a 
mes5/i586/libkrb53-1.8.1-0.8mdvmes5.2.i586.rpm
 9b2904fc426a312f7a1e9c9afc58a26c 
mes5/i586/libkrb53-devel-1.8.1-0.8mdvmes5.2.i586.rpm 
 f57f14346425b502ee0a10fc2faaa3c6  mes5/SRPMS/krb5-1.8.1-0.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bcb24a17293d01d0c393a1c95074d2c8 
mes5/x86_64/krb5-1.8.1-0.8mdvmes5.2.x86_64.rpm
 3ddf8eed66107c373a412faf5715e824 
mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.8mdvmes5.2.x86_64.rpm
 8b43725a277670421b3b1b0bba3e8dac 
mes5/x86_64/krb5-server-1.8.1-0.8mdvmes5.2.x86_64.rpm
 4ef2f93d362b930f5f7970ef64578b1c 
mes5/x86_64/krb5-server-ldap-1.8.1-0.8mdvmes5.2.x86_64.rpm
 f4aaa95f71a326a650113a425bd3fe80 
mes5/x86_64/krb5-workstation-1.8.1-0.8mdvmes5.2.x86_64.rpm
 2e055df16c60cfdd456ec0dd80dc3246 
mes5/x86_64/lib64krb53-1.8.1-0.8mdvmes5.2.x86_64.rpm
 3dad4c1c066a22eae7931bb40cf59833 
mes5/x86_64/lib64krb53-devel-1.8.1-0.8mdvmes5.2.x86_64.rpm 
 f57f14346425b502ee0a10fc2faaa3c6  mes5/SRPMS/krb5-1.8.1-0.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP9sD7mqjQ0CJFipgRAls6AJ9atdFYwXSfo6wpuo//Jrx9qfAFvQCgnn9w
n1HVs0rIYS+NV6s3DemhTfM=
=S/BX
-----END PGP SIGNATURE-----

Ranjivost paketa krb5

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Ranjivost paketa krb5

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti