[El-errata] ELSA-2012-0306 Low: Oracle Linux 5 krb5 security and bug fix update

Wed Mar 7 15:38:42 PST 2012

Oracle Linux Security Advisory ELSA-2012-0306

https://rhn.redhat.com/errata/RHSA-2012-0306.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
krb5-devel-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-server-1.6.1-70.el5.i386.rpm
krb5-server-ldap-1.6.1-70.el5.i386.rpm
krb5-workstation-1.6.1-70.el5.i386.rpm

x86_64:
krb5-devel-1.6.1-70.el5.i386.rpm
krb5-devel-1.6.1-70.el5.x86_64.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.x86_64.rpm
krb5-server-1.6.1-70.el5.x86_64.rpm
krb5-server-ldap-1.6.1-70.el5.x86_64.rpm
krb5-workstation-1.6.1-70.el5.x86_64.rpm

ia64:
krb5-devel-1.6.1-70.el5.ia64.rpm
krb5-libs-1.6.1-70.el5.i386.rpm
krb5-libs-1.6.1-70.el5.ia64.rpm
krb5-server-1.6.1-70.el5.ia64.rpm
krb5-server-ldap-1.6.1-70.el5.ia64.rpm
krb5-workstation-1.6.1-70.el5.ia64.rpm

SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/krb5-1.6.1-70.el5.src.rpm

Description of changes:

[1.6.1-70.el5]
- add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770351)

[1.6.1-69.el5]
- ftp: fix a static analysis should-never-happen NULL dereference (#750823)

[1.6.1-68.el5]
- backport fixes to teach libkrb5 to use descriptors higher than FD_SETSIZE
   to talk to a KDC by using poll() if it's detected at compile-time, 
revised
   (#701444, RT#6905)

[1.6.1-67.el5]
- add backported patch by way of jbarbuc to free subkeys created by the
   KDC while processing TGS requests (#708516)

[1.6.1-66.el5]
- add backported patch by way of several people to better avoid false
   detection of replay attacks when talking to systems with coarse time
   resolution (#713500)

[1.6.1-65.el5]
- ftpd: add backported patch to check for errors when calling setegid
   (MITKRB5-SA-2011-005, CVE-2011-1526, #719098)

[1.6.1-64.el5]
- klist: don't trip over referral entries when invoked with -s (#729067,
   RT#6915)