Synopsis: Important: krb5 security update
Issue date: 2011-02-08
CVE Names: CVE-2010-4022 CVE-2011-0281 CVE-2011-0282

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially-crafted request. (CVE-2011-0282)

A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially-crafted request. (CVE-2011-0281)

A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC update server (kpropd) processed certain update requests for KDC database propagation. A remote attacker could use this flaw to terminate the kpropd daemon via a specially-crafted update request. (CVE-2010-4022)

After installing the updated packages, the krb5kdc daemon will be restarted automatically.

SL 6.x

SRPMS:
krb5-1.8.2-3.el6_0.4.src.rpm

i386:
krb5-devel-1.8.2-3.el6_0.4.i686.rpm
krb5-libs-1.8.2-3.el6_0.4.i686.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.4.i686.rpm
krb5-server-1.8.2-3.el6_0.4.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm
krb5-workstation-1.8.2-3.el6_0.4.i686.rpm

x86_64:
krb5-devel-1.8.2-3.el6_0.4.i686.rpm
krb5-devel-1.8.2-3.el6_0.4.x86_64.rpm
krb5-libs-1.8.2-3.el6_0.4.i686.rpm
krb5-libs-1.8.2-3.el6_0.4.x86_64.rpm
krb5-pkinit-openssl-1.8.2-3.el6_0.4.x86_64.rpm
krb5-server-1.8.2-3.el6_0.4.x86_64.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.i686.rpm
krb5-server-ldap-1.8.2-3.el6_0.4.x86_64.rpm
krb5-workstation-1.8.2-3.el6_0.4.x86_64.rpm

-Connie Sieh
-Troy Dawson
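An added verification check, not part of the advisory itself: it takes the output of an rpm query over the krb5 packages listed above, compares each installed version-release against the fixed build 1.8.2-3.el6_0.4 using rpm's segment-wise comparison rules, and reports which packages on an SL 6.x host are still below the fix. The sample query output is constructed for illustration; the package names and fixed build come from the advisory.

```python
import re

# Fixed version-release shipped by this errata (SL 6.x) and the packages it covers.
FIXED_VR = "1.8.2-3.el6_0.4"
AFFECTED_PKGS = ("krb5-libs", "krb5-server", "krb5-server-ldap",
                 "krb5-workstation", "krb5-devel", "krb5-pkinit-openssl")

def _segments(label):
    # rpm-style tokenisation: runs of digits and runs of letters; separators are dropped
    return re.findall(r"\d+|[a-zA-Z]+", label)

def rpm_label_compare(a, b):
    """Compare two version or release labels as rpmvercmp does: numeric segments
    numerically, alpha segments lexically, numeric newer than alpha, more segments
    newer when all shared segments are equal (tilde/caret handling omitted)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_compare(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpm_label_compare(va, vb) or rpm_label_compare(ra, rb)

def outdated_packages(rpm_query_output):
    """Parse lines of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' <pkgs>
    and return (name, arch) pairs whose installed build is below FIXED_VR."""
    found = []
    for line in rpm_query_output.splitlines():
        if not line.strip() or line.startswith("package "):
            continue  # "package X is not installed" is not a finding
        name, vr, arch = line.split()
        if name in AFFECTED_PKGS and vr_compare(vr, FIXED_VR) < 0:
            found.append((name, arch))
    return found

# Constructed sample query output (not real host data) to exercise the check.
SAMPLE = """\
krb5-libs 1.8.2-3.el6_0.4 x86_64
krb5-server 1.8.2-3.el6_0.3 x86_64
krb5-server-ldap 1.8.2-3.el6 x86_64
krb5-workstation 1.8.2-3.el6_0.4 x86_64
package krb5-pkinit-openssl is not installed
"""

if __name__ == "__main__":
    for name, arch in outdated_packages(SAMPLE):
        print(f"{name}.{arch} is below {FIXED_VR}; update required")
```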