Synopsis: Moderate: krb5 security update Advisory ID: SLSA-2013:0942-1 Issue Date: 2013-06-12 CVE Numbers: CVE-2002-2443 -- It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services to keep replying packets to each other, consuming network bandwidth and CPU. (CVE-2002-2443) After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically. -- SL5 x86_64 krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-debuginfo-1.6.1-70.el5_9.2.x86_64.rpm krb5-libs-1.6.1-70.el5_9.2.i386.rpm krb5-libs-1.6.1-70.el5_9.2.x86_64.rpm krb5-workstation-1.6.1-70.el5_9.2.x86_64.rpm krb5-devel-1.6.1-70.el5_9.2.i386.rpm krb5-devel-1.6.1-70.el5_9.2.x86_64.rpm krb5-server-1.6.1-70.el5_9.2.x86_64.rpm krb5-server-ldap-1.6.1-70.el5_9.2.x86_64.rpm i386 krb5-debuginfo-1.6.1-70.el5_9.2.i386.rpm krb5-libs-1.6.1-70.el5_9.2.i386.rpm krb5-workstation-1.6.1-70.el5_9.2.i386.rpm krb5-devel-1.6.1-70.el5_9.2.i386.rpm krb5-server-1.6.1-70.el5_9.2.i386.rpm krb5-server-ldap-1.6.1-70.el5_9.2.i386.rpm SL6 x86_64 krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-debuginfo-1.10.3-10.el6_4.3.x86_64.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.x86_64.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.x86_64.rpm krb5-workstation-1.10.3-10.el6_4.3.x86_64.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-1.10.3-10.el6_4.3.x86_64.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.x86_64.rpm i386 krb5-debuginfo-1.10.3-10.el6_4.3.i686.rpm krb5-libs-1.10.3-10.el6_4.3.i686.rpm krb5-pkinit-openssl-1.10.3-10.el6_4.3.i686.rpm krb5-workstation-1.10.3-10.el6_4.3.i686.rpm krb5-devel-1.10.3-10.el6_4.3.i686.rpm krb5-server-1.10.3-10.el6_4.3.i686.rpm krb5-server-ldap-1.10.3-10.el6_4.3.i686.rpm - Scientific Linux Development Team