FLEA-2007-0029-1: krb5 krb5-workstation

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Foresight Linux Essential Advisory: 2007-0029-1 Published: 2007-06-27

Rating: Critical

Updated Versions:

    krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.7-1     krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.7-1     group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.1-0.2-3

References:

    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
    
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt
    
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt

Description:

    Previous versions of the krb5 package are vulnerable to three     attacks. Two (MITKRB5-SA-2007-004: CVE-2007-2442 and CVE-2007-2443)     are likely limited in practice on Foresight Linux to denial of service,     but the third (MITKRB5-SA-2007-005: CVE-2007-2798) is believed to     allow a remote arbitrary code execution attack against kadmind     servers. Foresight Linux systems are not automatically configured with     kadmind enabled.

• ---

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License. A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRoMAZtfwEn07iAtZAQIVWhAAlbOiMLhjLd8e4TqjCx/UXPby0jEBzO5P wMX+mJlGUHnX4FfvYqlNgpPnPL6DdfymieE6AnTxs85/Gsuli2aGLN09gPpG5UW1 MxF2pM3pbYGc5DmLZrWJadmx/q+BQTZ3NHBOi/hYnoMLO3ppnuEhIQYyQkMRJlel UEob7/KYflIZp1QjLcDvbG3Vag+AwGMCybSRMWTP+Mfo+SaXQSbCbumpF8JYBd12 SQjQCrj+hLTyet0DaDqqDj97xUh7F1Nxm7wL3HSxPTBQf6vNKvkcIkACtQVADy4H q5MKJS+oRtVoILdJduhjmaPpEp6XxhAMinPvWdZ3XKOExTae4OvreAOP2hR2aySx V60CZgNR3dsd7FIc+BRY8uIS31yjM+lcHPI8tsvd55cSgdNQ63umw6mleusMgLHY PCkzG+2xEnwQYY6GGXHbhBZsxuRR6JzjKmLWzf5suOJBMLFoKoDYD2ThqodcwX1u XfEgLFI5bTTiU8y8F5XVsjC00IoV+n/aiQ3dtcr1o9REB/Ht99+1+OwUvAGr5hwy qRAoDmkKz4rCXzUB9HHkGyNuv8CIdgpWdsCSbV9RNaqVLbQpf4yokxHWif7KrB/5 BzuK3wg+rorWy1ZYcJo0Zf9ewYRGXQtJ6qhX1Kko+P+hdQ4T/OYCqSf1Lts2X99d 2HzaipeRrok=
=aRLv
-----END PGP SIGNATURE-----
Received on Thu Jun 28 11:43:05 2007