Detalji

Ispravljena je ranjivost programskog alata Krb5, namijenjenog operacijskom sustavu Fedora 15. Navedeni paket implementira protokol Kerberos koji se koristi za autentikaciju korisnika na računalnoj mreži. Propust se odnosi na rad funkcije "process_chpw_request" u datoteci "schpw.c" pozadinskog procesa kadmind. Spomenuta funkcija oslobađa nevažeći pokazivač te time udaljenom napadaču omogućuje pokretanje napada uskraćivanja usluge i/ili izvršavanje proizvoljnog programskog koda slanjem posebno oblikovanog zahtjeva. Savjetuje se nadogradnja na najnoviju inačicu.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-5333
2011-04-14 00:32:04
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 15
Version     : 1.9
Release     : 7.fc15
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update incorporates the upstream patches to fix an attempt to free an
invalid pointer in kadmind (MITKRB5-SA-2011-004).

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #696343 - CVE-2011-0285 krb5: kadmind invalid pointer free()
(MITKRB5-SA-004) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=696343
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh