Package name: krb5
Date: March 19th, 2008
Advisory ID: MDVSA-2008:071
Affected versions: CS3.0, MNF2.0
Synopsis: Updated Kerberos packages fix multiple vulnerabilities

Problem Description

A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4
protocol packets. An unauthenticated remote attacker could use this
flaw to crash the krb5kdc daemon, disclose portions of its memory,
or possibly execute arbitrary code using malformed or truncated
Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).

This issue only affects krb5kdc when it has Kerberos v4 protocol
compatibility enabled, which is a compiled-in default in all
Kerberos versions that Mandriva Linux ships prior to Mandriva
Linux 2008.0. Kerberos v4 protocol support can be disabled by
adding v4_mode=none (without quotes) to the [kdcdefaults] section
of /etc/kerberos/krb5kdc/kdc.conf.
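
The following check is an added example, not part of the original advisory or of
the krb5 packages. It reports whether a kdc.conf actually carries the v4_mode=none
setting inside [kdcdefaults]; the function names and the sample file are
constructed for illustration.

```shell
#!/bin/sh
# Added example: audit kdc.conf for the v4_mode=none workaround.

# Print every active v4_mode value found inside [kdcdefaults], one per line.
kdc_v4_modes() {
    awk '
        /^[ \t]*[#;]/ { next }              # comment line (assumed: # or ; prefix)
        /^[ \t]*\[/ {                       # section header such as [kdcdefaults]
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            in_defaults = (sec == "kdcdefaults")
            next
        }
        in_defaults && /^[ \t]*v4_mode[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # keep the text after "="
            sub(/[ \t\r]+$/, "", val)       # drop trailing blanks and CR
            print val
        }
    ' "$1"
}

# Exit 0 only if [kdcdefaults] sets v4_mode and every setting is "none".
# Exit 1 if the setting is absent (compiled-in default applies) or differs,
# exit 2 if the file cannot be read.
kdc_v4_disabled() {
    modes=$(kdc_v4_modes "$1") || return 2
    [ -n "$modes" ] || return 1
    for m in $modes; do
        [ "$m" = "none" ] || return 1
    done
    return 0
}

# Constructed sample: the setting is commented out in [kdcdefaults] and
# misplaced under another section, so neither line takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kdcdefaults]
 kdc_ports = 88
 ; v4_mode = none
[logging]
 v4_mode = none
EOF
if kdc_v4_disabled "$sample"; then
    echo "Kerberos v4 disabled in [kdcdefaults]"
else
    echo "v4_mode=none NOT set in [kdcdefaults]"
fi
rm -f "$sample"
```

On a KDC host, run kdc_v4_disabled against /etc/kerberos/krb5kdc/kdc.conf and restart krb5kdc after changing the file.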

The updated packages have been patched to correct these issues.

Updated Packages

Corporate Server 3.0

 d671c7e0f68642556b1ba5a33d26eaf8  corporate/3.0/i586/ftp-client-krb5-1.3-6.10.C30mdk.i586.rpm
 9e5a2591cee10ed62948f6d30e836863  corporate/3.0/i586/ftp-server-krb5-1.3-6.10.C30mdk.i586.rpm
 7e8fc318772ff7dcd22f5b1c81bbfe6d  corporate/3.0/i586/krb5-server-1.3-6.10.C30mdk.i586.rpm
 45838af9454ffc5f6c06a505b4468c83  corporate/3.0/i586/krb5-workstation-1.3-6.10.C30mdk.i586.rpm
 fbdb6f71d9e2a939bbea33312b74c998  corporate/3.0/i586/libkrb51-1.3-6.10.C30mdk.i586.rpm
 50f964ee10fc744553a862c918913b03  corporate/3.0/i586/libkrb51-devel-1.3-6.10.C30mdk.i586.rpm
 667270f39306bd837b08b310a189f75d  corporate/3.0/i586/telnet-client-krb5-1.3-6.10.C30mdk.i586.rpm
 a5a4a1a64c14164e1755ad37e35cf99d  corporate/3.0/i586/telnet-server-krb5-1.3-6.10.C30mdk.i586.rpm 
 07535be43a1e339a0ba69cc167fbb530  corporate/3.0/SRPMS/krb5-1.3-6.10.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 0f693533eea0d49c60b20c40e6b5a872  corporate/3.0/x86_64/ftp-client-krb5-1.3-6.10.C30mdk.x86_64.rpm
 061429249b1cc62647c3a95d6b2a3d8b  corporate/3.0/x86_64/ftp-server-krb5-1.3-6.10.C30mdk.x86_64.rpm
 bda82007dd59af28240d51ca020370d1  corporate/3.0/x86_64/krb5-server-1.3-6.10.C30mdk.x86_64.rpm
 9d7e810eacfc17774ee33a438cdc196d  corporate/3.0/x86_64/krb5-workstation-1.3-6.10.C30mdk.x86_64.rpm
 b4abcda997c06b142bbae27cf3e617ef  corporate/3.0/x86_64/lib64krb51-1.3-6.10.C30mdk.x86_64.rpm
 e3692fe347ec21c7fd25a581ef817d66  corporate/3.0/x86_64/lib64krb51-devel-1.3-6.10.C30mdk.x86_64.rpm
 c5da9da1f3aa15a0966f8d1644748340  corporate/3.0/x86_64/telnet-client-krb5-1.3-6.10.C30mdk.x86_64.rpm
 fd9ff563b0d3d58705eb3b2b4aeebc11  corporate/3.0/x86_64/telnet-server-krb5-1.3-6.10.C30mdk.x86_64.rpm 
 07535be43a1e339a0ba69cc167fbb530  corporate/3.0/SRPMS/krb5-1.3-6.10.C30mdk.src.rpm

Multi Network Firewall 2.0

 fa4c3506c056e55862b4db41e134db1c  mnf/2.0/i586/libkrb51-1.3-6.10.M20mdk.i586.rpm 
 5c5caff1487f3284ba0c9529a831405e  mnf/2.0/SRPMS/krb5-1.3-6.10.M20mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.