[El-errata] ELSA-2010-0423 Important: Enterprise Linux 5 krb5 security update

Errata Announcements for Enterprise Linux el-errata at oss.oracle.com
Tue May 18 19:27:01 PDT 2010


Enterprise Linux Security Advisory ELSA-2010-0423

https://rhn.redhat.com/errata/RHSA-2010-0423.html

The following updated rpms for Enterprise Linux 5 have been uploaded to 
the Unbreakable Linux Network:

i386:
krb5-devel-1.6.1-36.el5_5.4.i386.rpm
krb5-libs-1.6.1-36.el5_5.4.i386.rpm
krb5-server-1.6.1-36.el5_5.4.i386.rpm
krb5-workstation-1.6.1-36.el5_5.4.i386.rpm

x86_64:
krb5-devel-1.6.1-36.el5_5.4.i386.rpm
krb5-devel-1.6.1-36.el5_5.4.x86_64.rpm
krb5-libs-1.6.1-36.el5_5.4.i386.rpm
krb5-libs-1.6.1-36.el5_5.4.x86_64.rpm
krb5-server-1.6.1-36.el5_5.4.x86_64.rpm
krb5-workstation-1.6.1-36.el5_5.4.x86_64.rpm

ia64:
krb5-devel-1.6.1-36.el5_5.4.ia64.rpm
krb5-libs-1.6.1-36.el5_5.4.i386.rpm
krb5-libs-1.6.1-36.el5_5.4.ia64.rpm
krb5-server-1.6.1-36.el5_5.4.ia64.rpm
krb5-workstation-1.6.1-36.el5_5.4.ia64.rpm


SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/krb5-1.6.1-36.el5_5.4.src.rpm


Description of changes:

[1.6.1-36.el5_5.4]
- add candidate patch to correct KDC null pointer dereference which
  could be triggered by malformed client requests (CVE-2010-1321, #583703)

[1.6.1-36.el5_5.3]
- add upstream patch to fix a few use-after-free bugs, including one in
  kadmind (CVE-2010-0629, #578185)





More information about the El-errata mailing list