Detalji

Otkriven je nedostatak u radu programskog paketa krb5 na operacijskom sustavu Fedora 15. Spomenuti paket implementira protokol Kerberos koji se koristi za autentikaciju korisnika na računalnoj mreži. Propust se odnosi na KDC (eng. Key Distribution Center) pozadinski proces. Navedeni proces podložan je na tzv. "double-free" ranjivosti, pri obradi inicijalnih autentikacijskih zahtjeva, ukoliko je omogućena PKINIT (eng. Public Key Cryptography for Initial Authentication) funkcionalnost. Ranjivost omogućava udaljenom napadaču pokretanje napada uskraćivanja usluga ili eventualno izvršavanje zlonamjernog programskog koda. Kao rješenje problema savjetuje se nadogradnja. 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3547
2011-03-18 02:38:03
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 15
Version     : 1.9
Release     : 6.fc15
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update incorporates upstream fixes for a double-free in the KDC which
could occur if the KDC needed to send back typed-data along with an error
(MITKRB5-SA-2011-003, CVE-2011-0284).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #674325 - CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by
handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)
        https://bugzilla.redhat.com/show_bug.cgi?id=674325
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh