[El-errata] ELSA-2015-0794 Moderate: Oracle Linux 6 krb5 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Apr 9 07:49:39 PDT 2015
Oracle Linux Security Advisory ELSA-2015-0794
http://linux.oracle.com/errata/ELSA-2015-0794.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm
krb5-server-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-workstation-1.10.3-37.el6_6.i686.rpm
x86_64:
krb5-devel-1.10.3-37.el6_6.i686.rpm
krb5-devel-1.10.3-37.el6_6.x86_64.rpm
krb5-libs-1.10.3-37.el6_6.i686.rpm
krb5-libs-1.10.3-37.el6_6.x86_64.rpm
krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm
krb5-server-1.10.3-37.el6_6.x86_64.rpm
krb5-server-ldap-1.10.3-37.el6_6.i686.rpm
krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm
krb5-workstation-1.10.3-37.el6_6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/krb5-1.10.3-37.el6_6.src.rpm
Description of changes:
[1.10.3-37]
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
denial of service in recvauth_common() and others"
[1.10.3-36]
- fix for CVE-2014-5353 (#1174543) "Fix LDAP misused policy
name crash"
[1.10.3-35]
- Changelog fixes to make errata subsystem happy.
[1.10.3-34]
- fix for CVE-2014-5352 (#1179856) "gss_process_context_token()
incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857) "kadmind doubly frees partial
deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861) "kadmind incorrectly
validates server principal name (MITKRB5-SA-2015-001)"
More information about the El-errata
mailing list