Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Errata Announcements for Oracle Linux <el-errata <at> oss.oracle.com>
Subject: ELSA-2013-0656 Moderate: Oracle Linux 6 krb5 security update
Newsgroups: gmane.linux.oracle.el-errata
Date: Tuesday 19th March 2013 04:06:40 UTC (over 3 years ago)
Oracle Linux Security Advisory ELSA-2013-0656

https://rhn.redhat.com/errata/RHSA-2013-0656.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
krb5-devel-1.10.3-10.el6_4.1.i686.rpm
krb5-libs-1.10.3-10.el6_4.1.i686.rpm
krb5-pkinit-openssl-1.10.3-10.el6_4.1.i686.rpm
krb5-server-1.10.3-10.el6_4.1.i686.rpm
krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm
krb5-workstation-1.10.3-10.el6_4.1.i686.rpm

x86_64:
krb5-devel-1.10.3-10.el6_4.1.i686.rpm
krb5-devel-1.10.3-10.el6_4.1.x86_64.rpm
krb5-libs-1.10.3-10.el6_4.1.i686.rpm
krb5-libs-1.10.3-10.el6_4.1.x86_64.rpm
krb5-pkinit-openssl-1.10.3-10.el6_4.1.x86_64.rpm
krb5-server-1.10.3-10.el6_4.1.x86_64.rpm
krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm
krb5-server-ldap-1.10.3-10.el6_4.1.x86_64.rpm
krb5-workstation-1.10.3-10.el6_4.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/krb5-1.10.3-10.el6_4.1.src.rpm



Description of changes:

[1.10.3-10.1]
- incorporate upstream patch to fix a NULL pointer dereference when the 
client
   supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, 
#917909)
- add patch to avoid dereferencing a NULL pointer in the KDC when handling
a
   draft9 PKINIT request (#917909, CVE-2012-1016)
 
CD: 3ms