U radu programskog paketa krb5 utvrđeni su i ispravljeni nedostaci koje potencijalni napadači mogu iskoristiti za DoS (eng. Denial of Service, DoS) napad.
Paket:
krb5 1.x
Operacijski sustavi:
CentOS
Problem:
neodgovarajuća provjera ulaznih podataka, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
2012:1131
Izvor:
CentOS
Problem:
Nedostaci su vezani uz neodgovarajuću obradu AS-REQ zahtjeva te uz grešku u komponenti kadmind.
Posljedica:
Propuste zlonamjerni napadači mogu iskoristiti za napad uskraćivanjem usluga (DoS).
Rješenje:
Preporuča se nadogradnja paketa na zadnju inačicu.
CentOS Errata and Security Advisory 2012:1131 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1131.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
91e2684e2ba585f1a75160c01aef49192408f9861d8827e6a6dec24518a93c52
krb5-devel-1.9-33.el6_3.2.i686.rpm
3a5b5a17cd82f7f7c1e1d295ff2d2551450e17844ddcd78247654ea614125636
krb5-libs-1.9-33.el6_3.2.i686.rpm
2db0d3e82635f440db55b267999a0dada65338d7e5380b99ddaa8457232c798a
krb5-pkinit-openssl-1.9-33.el6_3.2.i686.rpm
1a5fdc266ca7ec4bd8bce0926af02af2f299ac1682bdfdb89c2e469e151f783b
krb5-server-1.9-33.el6_3.2.i686.rpm
3ef367b3ead3efd98ecf325e4519022c3b2aa633f377a3c8ae43636d85316909
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
249aeaae6a4480f47f3cbd64398f97a969636aa25d7347cb5111a079d56e22ea
krb5-workstation-1.9-33.el6_3.2.i686.rpm
x86_64:
91e2684e2ba585f1a75160c01aef49192408f9861d8827e6a6dec24518a93c52
krb5-devel-1.9-33.el6_3.2.i686.rpm
be31d0353dc31f060172e49090d5d7c33edcdf8c4686d82e101b31927d5cac82
krb5-devel-1.9-33.el6_3.2.x86_64.rpm
3a5b5a17cd82f7f7c1e1d295ff2d2551450e17844ddcd78247654ea614125636
krb5-libs-1.9-33.el6_3.2.i686.rpm
62693af68105abd6078bd915a32ec5212e88d78fc96c0282da11dd62b75cf739
krb5-libs-1.9-33.el6_3.2.x86_64.rpm
f9c5d3ee9c691158cc0217d173750b204d219c309d7a199ac917cc83c59d18cb
krb5-pkinit-openssl-1.9-33.el6_3.2.x86_64.rpm
814a8d2cc9271d7f29c75a8fb1aac04b051706fdebc03118388c39668a5c9941
krb5-server-1.9-33.el6_3.2.x86_64.rpm
3ef367b3ead3efd98ecf325e4519022c3b2aa633f377a3c8ae43636d85316909
krb5-server-ldap-1.9-33.el6_3.2.i686.rpm
ce59f30bd0dcde6242609960cad4f1e62e3c1bccd8dd8268952dfb3b2dbe3b95
krb5-server-ldap-1.9-33.el6_3.2.x86_64.rpm
bdaf9f5d1b6cb46770230e94214becc09d21503e39575ee27a10cf6efb14b0e6
krb5-workstation-1.9-33.el6_3.2.x86_64.rpm
Source:
76c145b259a08fd426a097d579efb63c2f47256712fc0bc5e06e3114cef04b48
krb5-1.9-33.el6_3.2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke