Scientific Linux: CVE-2011-0281 Important Krb5 Security Update

Important: krb5 security update
Date: Wed, 9 Feb 2011 15:26:14 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: krb5 on SL5.x i386/x86_64
 

Synopsis:	Important: krb5 security update
Issue date:	2011-02-08
CVE Names:	CVE-2011-0281 CVE-2011-0282

A NULL pointer dereference flaw was found in the way the MIT Kerberos
KDC processed principal names that were not null terminated, when the
KDC was configured to use an LDAP back end. A remote attacker could use
this flaw to crash the KDC via a specially-crafted request. (CVE-2011-0282)

A denial of service flaw was found in the way the MIT Kerberos KDC
processed certain principal names when the KDC was configured to use an
LDAP back end. A remote attacker could use this flaw to cause the KDC to
hang via a specially-crafted request. (CVE-2011-0281)

After installing the updated packages, the krb5kdc daemon will be
restarted automatically.

SL 5.x

 SRPMS:
krb5-1.6.1-55.el5_6.1.src.rpm
 i386:
krb5-devel-1.6.1-55.el5_6.1.i386.rpm
krb5-libs-1.6.1-55.el5_6.1.i386.rpm
krb5-server-1.6.1-55.el5_6.1.i386.rpm
krb5-server-ldap-1.6.1-55.el5_6.1.i386.rpm
krb5-workstation-1.6.1-55.el5_6.1.i386.rpm
 x86_64:
krb5-devel-1.6.1-55.el5_6.1.i386.rpm
krb5-devel-1.6.1-55.el5_6.1.x86_64.rpm
krb5-libs-1.6.1-55.el5_6.1.i386.rpm
krb5-libs-1.6.1-55.el5_6.1.x86_64.rpm
krb5-server-1.6.1-55.el5_6.1.x86_64.rpm
krb5-server-ldap-1.6.1-55.el5_6.1.x86_64.rpm
krb5-workstation-1.6.1-55.el5_6.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
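
A check a defender can run against a host inventory to confirm the fixed build listed above is installed. This is an added example, not part of the original advisory: it assumes input lines produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'`, uses a simplified rpm-style version comparison, and the sample lines are constructed.

```python
import re

# Fixed build named in this advisory for SL 5.x (no epoch is given on the page).
FIXED_VERSION, FIXED_RELEASE = "1.6.1", "55.el5_6.1"
ADVISORY_PACKAGES = {"krb5-devel", "krb5-libs", "krb5-server",
                     "krb5-server-ldap", "krb5-workstation"}

def rpmvercmp(a, b):
    """Simplified rpm-style comparison of version or release strings.
    Assumption: no epoch, '~' or '^' handling. Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_lines):
    """Return (name, arch, version-release) for advisory packages below the fixed build."""
    stale = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 4 or parts[0] not in ADVISORY_PACKAGES:
            continue
        name, ver, rel, arch = parts
        order = rpmvercmp(ver, FIXED_VERSION) or rpmvercmp(rel, FIXED_RELEASE)
        if order < 0:
            stale.append((name, arch, f"{ver}-{rel}"))
    return stale

# Constructed sample input, not taken from a real host.
SAMPLE = """\
krb5-libs 1.6.1 55.el5_6.1 x86_64
krb5-libs 1.6.1 55.el5 i386
krb5-server 1.6.1 36.el5_5.6 x86_64
krb5-server-ldap 1.6.1 55.el5_6.1 x86_64
openldap 2.3.43 12.el5 x86_64
""".splitlines()

if __name__ == "__main__":
    for name, arch, vr in unpatched(SAMPLE):
        print(f"NOT PATCHED: {name}.{arch} {vr} < {FIXED_VERSION}-{FIXED_RELEASE}")
```

The i386 `krb5-libs` row matters on x86_64 hosts, because the advisory lists i386 builds of `krb5-libs` and `krb5-devel` alongside the x86_64 ones.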