Synopsis: Critical: krb5 security update
Issue date: 2009-04-07
CVE Names: CVE-2009-0846
An input validation flaw was found in the ASN.1 (Abstract Syntax
Notation One) decoder used by MIT Kerberos. A remote attacker could use
this flaw to crash a network service using the MIT Kerberos library,
such as kadmind or krb5kdc, by causing it to dereference or free an
uninitialized pointer or, possibly, execute arbitrary code with the
privileges of the user running the service. (CVE-2009-0846)
All running services using the MIT Kerberos libraries must be restarted
for the update to take effect.
SL 3.0.x
SRPMS:
krb5-1.2.7-70.src.rpm
i386:
krb5-devel-1.2.7-70.i386.rpm
krb5-libs-1.2.7-70.i386.rpm
krb5-server-1.2.7-70.i386.rpm
krb5-workstation-1.2.7-70.i386.rpm
x86_64:
krb5-devel-1.2.7-70.x86_64.rpm
krb5-libs-1.2.7-70.i386.rpm
krb5-libs-1.2.7-70.x86_64.rpm
krb5-server-1.2.7-70.x86_64.rpm
krb5-workstation-1.2.7-70.x86_64.rpm
-Connie Sieh
-Troy Dawson