[El-errata] ELSA-2015-0794 Moderate: Oracle Linux 6 krb5 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Apr 9 07:49:39 PDT 2015


Oracle Linux Security Advisory ELSA-2015-0794

http://linux.oracle.com/errata/ELSA-2015-0794.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm
krb5-server-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-workstation-1.10.3-37.el6_6.i686.rpm

x86_64:
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.x86_64.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.x86_64.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm
krb5-server-1.10.3-37.el6_6.x86_64.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm
krb5-workstation-1.10.3-37.el6_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/krb5-1.10.3-37.el6_6.src.rpm



Description of changes:

[1.10.3-37]
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
   denial of service in recvauth_common() and others"

[1.10.3-36]
- fix for CVE-2014-5353 (#1174543) "Fix LDAP misused policy
   name crash"

[1.10.3-35]
- Changelog fixes to make errata subsystem happy.

[1.10.3-34]
- fix for CVE-2014-5352 (#1179856) "gss_process_context_token()
   incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857) "kadmind doubly frees partial
   deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861) "kadmind incorrectly
   validates server principal name (MITKRB5-SA-2015-001)"




