[El-errata] ELSA-2011-0200 Important: Oracle Linux 6 krb5 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Feb 16 13:05:58 PST 2011


Oracle Linux Security Advisory ELSA-2011-0200

https://rhn.redhat.com/errata/RHSA-2011-0200.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
krb5-devel-1.8.2-3.el6_0.4.i686.rpm
krb5-libs-1.8.2-3.el6_0.4.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.4.i686.rpm
krb5-server-1.8.2-3.el6_0.4.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm
krb5-workstation-1.8.2-3.el6_0.4.i686.rpm

x86_64:
krb5-devel-1.8.2-3.el6_0.4.i686.rpm
krb5-devel-1.8.2-3.el6_0.4.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.4.i686.rpm
krb5-libs-1.8.2-3.el6_0.4.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.4.x86_64.rpm
krb5-server-1.8.2-3.el6_0.4.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.4.x86_64.rpm


SRPMS:
http://oss.oracle.com/el6/SRPMS-updates/krb5-1.8.2-3.el6_0.4.src.rpm


Description of changes:

[1.8.2-3.4]
- add upstream patches to fix standalone kpropd exiting if the per-client
  child process exits with an error, and hang or crash in the KDC when using
  the LDAP kdb backend (CVE-2010-4022, CVE-2011-0281, CVE-2011-0282,
  #671101)

[1.8.2-3.3]
- pull up crypto changes made between 1.8.2 and 1.8.3 to fix upstream #6751,
  assumed to already be there for the next fix
- incorporate candidate patch to fix various issues from MITKRB5-SA-2010-007
  (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, #651962)

[1.8.2-3.2]
- fix reading of keyUsage extensions when attempting to select pkinit client
  certs (part of #644825, RT#6775)
- fix selection of pkinit client certs when one or more don't include a
  subjectAltName extension (part of #644825, RT#6774)

[1.8.2-3.1]
- incorporate candidate patch to fix uninitialized pointer crash in the KDC
  (CVE-2010-1322, #636336)




