Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Scientific Linux: CVE-2013-1416 moderate: krb5 KDC crash risk

Scientific Large Esm H446
Moderate: krb5 security update
Date: Tue, 16 Apr 2013 09:42:19 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
esc-1.1.0-25.el6_4.1.i686.rpm

x86_64:
esc-1.1.0-25.el6_4.1.x86_64.rpm
Date: Tue, 16 Apr 2013 20:29:23 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: krb5 on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: krb5 security update
Issue Date: 2013-04-16
CVE Numbers: CVE-2013-1416
--

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed certain TGS (Ticket-granting Server) requests. A remote,
authenticated attacker could use this flaw to crash the KDC via a
specially-crafted TGS request. (CVE-2013-1416)

After installing the updated packages, the krb5kdc daemon will be
restarted automatically.
--

SL6
 x86_64
 krb5-debuginfo-1.10.3-10.el6_4.2.i686.rpm
 krb5-debuginfo-1.10.3-10.el6_4.2.x86_64.rpm
 krb5-libs-1.10.3-10.el6_4.2.i686.rpm
 krb5-libs-1.10.3-10.el6_4.2.x86_64.rpm
 krb5-pkinit-openssl-1.10.3-10.el6_4.2.x86_64.rpm
 krb5-workstation-1.10.3-10.el6_4.2.x86_64.rpm
 krb5-devel-1.10.3-10.el6_4.2.i686.rpm
 krb5-devel-1.10.3-10.el6_4.2.x86_64.rpm
 krb5-server-1.10.3-10.el6_4.2.x86_64.rpm
 krb5-server-ldap-1.10.3-10.el6_4.2.i686.rpm
 krb5-server-ldap-1.10.3-10.el6_4.2.x86_64.rpm
 i386
 krb5-debuginfo-1.10.3-10.el6_4.2.i686.rpm
 krb5-libs-1.10.3-10.el6_4.2.i686.rpm
 krb5-pkinit-openssl-1.10.3-10.el6_4.2.i686.rpm
 krb5-workstation-1.10.3-10.el6_4.2.i686.rpm
 krb5-devel-1.10.3-10.el6_4.2.i686.rpm
 krb5-server-1.10.3-10.el6_4.2.i686.rpm
 krb5-server-ldap-1.10.3-10.el6_4.2.i686.rpm

- Scientific Linux Development Team