[Technik] [SECURITY] [DSA 1524-1] New krb5 packages fix multiple vulnerabilities
Noèl Köthe
noel at debian.org
Wed Mar 19 13:18:04 CET 2008
On Tuesday, 18.03.2008, at 20:11 +0100, Noah Meyerhans wrote:
> Debian Security Advisory DSA-1524-1 security at debian.org
> http://www.debian.org/security/ Noah Meyerhans
> March 18, 2008 http://www.debian.org/security/faq
>
> Package : krb5
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2008-0062 CVE-2008-0063 CVE-2008-0947
krb5 updated on all machines.
> For the stable distribution (etch), these problems have been fixed in
> version 1.4.4-7etch5.
changelog:
krb5 (1.4.4-7etch5) stable-security; urgency=emergency

  * MITKRB5-SA-2008-001: When Kerberos v4 support is enabled in the KDC,
    malformed messages may result in NULL pointer use, double-frees, or
    exposure of information. (CVE-2008-0062, CVE-2008-0063)
  * MITKRB5-SA-2008-002: If the file descriptor limit is larger than
    FD_SETSIZE and kadmind has more open connections than FD_SETSIZE, an
    array overrun and memory corruption may result. (CVE-2008-0947)

 -- Russ Allbery <rra at debian.org> Thu, 06 Mar 2008 14:27:28 -0800

> For the old stable distribution (sarge), these problems have been fixed
> in version krb5 1.3.6-2sarge6.
changelog:
krb5 (1.3.6-2sarge6) oldstable-security; urgency=emergency

  * MITKRB5-SA-2008-001: When Kerberos v4 support is enabled in the KDC,
    malformed messages may result in NULL pointer use, double-frees, or
    exposure of information. (CVE-2008-0062, CVE-2008-0063)

 -- Russ Allbery <rra at debian.org> Thu, 06 Mar 2008 17:20:27 -0800

--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
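
Added example, not part of the original mail and not the krb5 patch: C code for the two defensive checks that match the condition described under MITKRB5-SA-2008-002 (descriptor limit above FD_SETSIZE, then a descriptor number beyond the fd_set array). All function names are hypothetical; a POSIX system with select(2) is assumed.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>

/* Returns 1 if the soft RLIMIT_NOFILE allows descriptors numbered
 * >= FD_SETSIZE (the precondition named in the changelog), 0 if not,
 * -1 if the limit cannot be read. */
int nofile_exceeds_fdsetsize(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    return rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > (rlim_t)FD_SETSIZE;
}

/* Mitigation at startup: lower the soft limit to FD_SETSIZE so the kernel
 * never hands out a descriptor that does not fit into an fd_set. */
int clamp_nofile_to_fdsetsize(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > (rlim_t)FD_SETSIZE) {
        rl.rlim_cur = FD_SETSIZE;
        return setrlimit(RLIMIT_NOFILE, &rl);
    }
    return 0;
}

/* Guarded FD_SET: FD_SET() itself does no range check, so a descriptor
 * >= FD_SETSIZE would write past the end of the bit array. Callers should
 * close the connection when this returns -1. */
int checked_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    return 0;
}

int main(void)
{
    fd_set rfds;
    FD_ZERO(&rfds);
    printf("limit above FD_SETSIZE before clamp: %d\n", nofile_exceeds_fdsetsize());
    printf("clamp result: %d\n", clamp_nofile_to_fdsetsize());
    printf("fd %d accepted: %d\n", FD_SETSIZE, checked_fd_set(FD_SETSIZE, &rfds));
    return 0;
}
```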