[El-errata] ELSA-2009-0408 Important: Enterprise Linux 5 krb5 security update

Errata Announcements for Enterprise Linux el-errata at oss.oracle.com
Tue Apr 7 18:26:59 PDT 2009


Enterprise Linux Security Advisory ELSA-2009-0408

https://rhn.redhat.com/errata/RHSA-2009-0408.html

The following updated rpms for Enterprise Linux 5 have been uploaded to 
the Unbreakable Linux Network:

i386:
krb5-devel-1.6.1-31.el5_3.3.i386.rpm
krb5-libs-1.6.1-31.el5_3.3.i386.rpm
krb5-server-1.6.1-31.el5_3.3.i386.rpm
krb5-workstation-1.6.1-31.el5_3.3.i386.rpm

x86_64:
krb5-devel-1.6.1-31.el5_3.3.i386.rpm
krb5-devel-1.6.1-31.el5_3.3.x86_64.rpm
krb5-libs-1.6.1-31.el5_3.3.i386.rpm
krb5-libs-1.6.1-31.el5_3.3.x86_64.rpm
krb5-server-1.6.1-31.el5_3.3.x86_64.rpm
krb5-workstation-1.6.1-31.el5_3.3.x86_64.rpm

SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/krb5-1.6.1-31.el5_3.3.src.rpm

Description of changes:

[1.6.1-31.el5_3.3]
- update to revised patch for CVE-2009-0844/CVE-2009-0845

[1.6.1-31.el5_3.2]
- add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism
  (#490635, CVE-2009-0844)
- add fix for NULL pointer dereference when handling certain error cases
  in the SPNEGO GSSAPI mechanism (#490635, CVE-2009-0845)
- add fix for attempt to free uninitialized pointer in the ASN.1 decoder
  (#490635, CVE-2009-0846)
- add fix for bug in length validation in the ASN.1 decoder (CVE-2009-0847)

[1.6.1-31.el5_3.1]
- add backport of svn patch to fix a bug in how the gssapi library
  handles certain error cases in gss_accept_sec_context (CVE-2009-0845,




More information about the El-errata mailing list