[El-errata] ELSA-2014-1245 Moderate: Oracle Linux 5 krb5 security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Sep 17 10:43:14 PDT 2014


Oracle Linux Security Advisory ELSA-2014-1245

https://rhn.redhat.com/errata/RHSA-2014-1245.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
krb5-devel-1.6.1-78.el5.i386.rpm
krb5-libs-1.6.1-78.el5.i386.rpm
krb5-server-1.6.1-78.el5.i386.rpm
krb5-server-ldap-1.6.1-78.el5.i386.rpm
krb5-workstation-1.6.1-78.el5.i386.rpm

x86_64:
krb5-devel-1.6.1-78.el5.i386.rpm
krb5-devel-1.6.1-78.el5.x86_64.rpm
krb5-libs-1.6.1-78.el5.i386.rpm
krb5-libs-1.6.1-78.el5.x86_64.rpm
krb5-server-1.6.1-78.el5.x86_64.rpm
krb5-server-ldap-1.6.1-78.el5.x86_64.rpm
krb5-workstation-1.6.1-78.el5.x86_64.rpm

ia64:
krb5-devel-1.6.1-78.el5.ia64.rpm
krb5-libs-1.6.1-78.el5.i386.rpm
krb5-libs-1.6.1-78.el5.ia64.rpm
krb5-server-1.6.1-78.el5.ia64.rpm
krb5-server-ldap-1.6.1-78.el5.ia64.rpm
krb5-workstation-1.6.1-78.el5.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/krb5-1.6.1-78.el5.src.rpm



Description of changes:

[1.6.1-78.el5]
- gssapi: pull in upstream fix for a possible NULL dereference in spnego
   (CVE-2014-4344, #1121509)

[1.6.1-77.el5]
- fix what appears to be a cosmetic error in the patch for self-tests
   for CVE-2014-4341

[1.6.1-76.el5]
- run the backported self-tests, such as they are, for CVE-2014-4341

[1.6.1-75.el5]
- pull in backported fix for denial of service by injection of malformed
   GSSAPI tokens (CVE-2014-4341, #1121509)

[1.6.1-74.el5]
- add patch based on one from Filip Krska to not call poll() with a negative
   timeout when the caller's intent is for us to just stop calling it
   (#1089732)

[1.6.1-73.el5]
- incorporate backported upstream patch for remote crash of KDCs which serve
   multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800,

[1.6.1-72.el5]
- add part-backported fix to avoid possible use-after-free when encrypting
   delegated creds (Jatin Nansi, #1004632)





