Date: Wed, 13 Jan 2010 10:01:49 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Critical: krb5 on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
Synopsis: Critical: krb5 security update
Issue date: 2010-01-12
CVE Names: CVE-2009-4212
CVE-2009-4212 krb: KDC integer overflows in AES and RC4 decryption
routines (MITKRB5-SA-2009-004)
Multiple integer underflow flaws, leading to heap-based corruption, were
found in the way the MIT Kerberos Key Distribution Center (KDC)
decrypted ciphertexts encrypted with the Advanced Encryption Standard
(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client
were able to provide a specially-crafted AES- or RC4-encrypted
ciphertext or texts, it could potentially lead to either a denial of
service of the central KDC (KDC crash or abort upon processing the
crafted ciphertext), or arbitrary code execution with the privileges of
the KDC (i.e., root privileges). (CVE-2009-4212)
All running services using the MIT Kerberos libraries must be restarted
for the update to take effect.
SL 3.0.x
SRPMS:
krb5-1.2.7-71.src.rpm
i386:
krb5-devel-1.2.7-71.i386.rpm
krb5-libs-1.2.7-71.i386.rpm
krb5-server-1.2.7-71.i386.rpm
krb5-workstation-1.2.7-71.i386.rpm
x86_64:
krb5-devel-1.2.7-71.x86_64.rpm
krb5-libs-1.2.7-71.i386.rpm
krb5-libs-1.2.7-71.x86_64.rpm
krb5-server-1.2.7-71.x86_64.rpm
krb5-workstation-1.2.7-71.x86_64.rpm
SL 4.x
SRPMS:
krb5-1.3.4-62.el4_8.1.src.rpm
i386:
krb5-devel-1.3.4-62.el4_8.1.i386.rpm
krb5-libs-1.3.4-62.el4_8.1.i386.rpm
krb5-server-1.3.4-62.el4_8.1.i386.rpm
krb5-workstation-1.3.4-62.el4_8.1.i386.rpm
x86_64:
krb5-devel-1.3.4-62.el4_8.1.x86_64.rpm
krb5-libs-1.3.4-62.el4_8.1.i386.rpm
krb5-libs-1.3.4-62.el4_8.1.x86_64.rpm
krb5-server-1.3.4-62.el4_8.1.x86_64.rpm
krb5-workstation-1.3.4-62.el4_8.1.x86_64.rpm
SL 5.x
SRPMS:
krb5-1.6.1-36.el5_4.1.src.rpm
i386:
krb5-devel-1.6.1-36.el5_4.1.i386.rpm
krb5-libs-1.6.1-36.el5_4.1.i386.rpm
krb5-server-1.6.1-36.el5_4.1.i386.rpm
krb5-workstation-1.6.1-36.el5_4.1.i386.rpm
x86_64:
krb5-devel-1.6.1-36.el5_4.1.i386.rpm
krb5-devel-1.6.1-36.el5_4.1.x86_64.rpm
krb5-libs-1.6.1-36.el5_4.1.i386.rpm
krb5-libs-1.6.1-36.el5_4.1.x86_64.rpm
krb5-server-1.6.1-36.el5_4.1.x86_64.rpm
krb5-workstation-1.6.1-36.el5_4.1.x86_64.rpm
-Connie Sieh
-Troy Dawson