[El-errata] ELSA-2013-0656 Moderate: Oracle Linux 6 krb5 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Mar 18 21:06:40 PDT 2013
Oracle Linux Security Advisory ELSA-2013-0656
https://rhn.redhat.com/errata/RHSA-2013-0656.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
krb5-devel-1.10.3-10.el6_4.1.i686.rpm
krb5-libs-1.10.3-10.el6_4.1.i686.rpm
krb5-pkinit-openssl-1.10.3-10.el6_4.1.i686.rpm
krb5-server-1.10.3-10.el6_4.1.i686.rpm
krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm
krb5-workstation-1.10.3-10.el6_4.1.i686.rpm
x86_64:
krb5-devel-1.10.3-10.el6_4.1.i686.rpm
krb5-devel-1.10.3-10.el6_4.1.x86_64.rpm
krb5-libs-1.10.3-10.el6_4.1.i686.rpm
krb5-libs-1.10.3-10.el6_4.1.x86_64.rpm
krb5-pkinit-openssl-1.10.3-10.el6_4.1.x86_64.rpm
krb5-server-1.10.3-10.el6_4.1.x86_64.rpm
krb5-server-ldap-1.10.3-10.el6_4.1.i686.rpm
krb5-server-ldap-1.10.3-10.el6_4.1.x86_64.rpm
krb5-workstation-1.10.3-10.el6_4.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/krb5-1.10.3-10.el6_4.1.src.rpm
Description of changes:
[1.10.3-10.1]
- incorporate upstream patch to fix a NULL pointer dereference when the
client
supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415,
#917909)
- add patch to avoid dereferencing a NULL pointer in the KDC when handling a
draft9 PKINIT request (#917909, CVE-2012-1016)
More information about the El-errata
mailing list