[El-errata] ELSA-2011-0200 Important: Oracle Linux 6 krb5 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Feb 16 13:05:58 PST 2011
Oracle Linux Security Advisory ELSA-2011-0200
https://rhn.redhat.com/errata/RHSA-2011-0200.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
krb5-devel-1.8.2-3.el6_0.4.i686.rpm
krb5-libs-1.8.2-3.el6_0.4.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.4.i686.rpm
krb5-server-1.8.2-3.el6_0.4.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm
krb5-workstation-1.8.2-3.el6_0.4.i686.rpm
x86_64:
krb5-devel-1.8.2-3.el6_0.4.i686.rpm
krb5-devel-1.8.2-3.el6_0.4.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.4.i686.rpm
krb5-libs-1.8.2-3.el6_0.4.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.4.x86_64.rpm
krb5-server-1.8.2-3.el6_0.4.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.4.x86_64.rpm
SRPMS:
http://oss.oracle.com/el6/SRPMS-updates/krb5-1.8.2-3.el6_0.4.src.rpm
Description of changes:
[1.8.2-3.4]
- add upstream patches to fix standalone kpropd exiting if the per-client
child process exits with an error, and hang or crash in the KDC when using
the LDAP kdb backend (CVE-2010-4022, CVE-2011-0281, CVE-2011-0282,
#671101)
[1.8.2-3.3]
- pull up crypto changes made between 1.8.2 and 1.8.3 to fix upstream #6751,
assumed to already be there for the next fix
- incorporate candidate patch to fix various issues from MITKRB5-SA-2010-007
(CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, #651962)
[1.8.2-3.2]
- fix reading of keyUsage extensions when attempting to select pkinit client
certs (part of #644825, RT#6775)
- fix selection of pkinit client certs when one or more don't include a
subjectAltName extension (part of #644825, RT#6774)
[1.8.2-3.1]
- incorporate candidate patch to fix uninitialized pointer crash in the KDC
(CVE-2010-1322, #636336)
More information about the El-errata
mailing list