Synopsis:	Important: krb5 security update

Issue date:	2011-02-08

CVE Names:	CVE-2010-4022 CVE-2011-0281 CVE-2011-0282



A NULL pointer dereference flaw was found in the way the MIT Kerberos 

KDC processed principal names that were not null terminated, when the 

KDC was configured to use an LDAP back end. A remote attacker could use 

this flaw to crash the KDC via a specially-crafted request. (CVE-2011-0282)



A denial of service flaw was found in the way the MIT Kerberos KDC

processed certain principal names when the KDC was configured to use an

LDAP back end. A remote attacker could use this flaw to cause the KDC to

hang via a specially-crafted request. (CVE-2011-0281)



A denial of service flaw was found in the way the MIT Kerberos V5 slave 

KDC update server (kpropd) processed certain update requests for KDC 

database propagation. A remote attacker could use this flaw to terminate 

the kpropd daemon via a specially-crafted update request. (CVE-2010-4022)



After installing the updated packages, the krb5kdc daemon will be 

restarted automatically.



SL 6.x



      SRPMS:

krb5-1.8.2-3.el6_0.4.src.rpm

      i386:

krb5-devel-1.8.2-3.el6_0.4.i686.rpm

krb5-libs-1.8.2-3.el6_0.4.i686.rpm

krb5-pkinit-openssl-1.8.2-3.el6_0.4.i686.rpm

krb5-server-1.8.2-3.el6_0.4.i686.rpm

krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm

krb5-workstation-1.8.2-3.el6_0.4.i686.rpm

      x86_64:

krb5-devel-1.8.2-3.el6_0.4.i686.rpm

krb5-devel-1.8.2-3.el6_0.4.x86_64.rpm

krb5-libs-1.8.2-3.el6_0.4.i686.rpm

krb5-libs-1.8.2-3.el6_0.4.x86_64.rpm

krb5-pkinit-openssl-1.8.2-3.el6_0.4.x86_64.rpm

krb5-server-1.8.2-3.el6_0.4.x86_64.rpm

krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm

krb5-server-ldap-1.8.2-3.el6_0.4.x86_64.rpm

krb5-workstation-1.8.2-3.el6_0.4.x86_64.rpm



-Connie Sieh

-Troy Dawson