Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=160033575cfe7944c04092e616a886bd2ecc8be0
commit 160033575cfe7944c04092e616a886bd2ecc8be0 Author: Miklos Vajna <vmik...@frugalware.org> Date: Sat Aug 27 08:13:13 2011 +0200 FSA738-krb5 diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 105a137..7d46753 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml 
@@ -26,6 +26,25 @@ <fsas> <fsa> + <id>738</id> + <date>2011-08-27</date> + <author>Miklos Vajna</author> + <package>krb5</package> + <vulnerable>1.7-6</vulnerable> + <unaffected>1.7.2-1mores1</unaffected> + <bts>http://bugs.frugalware.org/task/4256</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321</cve> + <desc>1) A vulnerability has been reported in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service). + The vulnerability is caused due to an assertion error within the "spnego_gss_accept_sec_context()" function in src/lib/gssapi/spnego/spnego_mech.c when receiving an invalid packet, which can be exploited to e.g. crash an application using the library by sending a specially crafted packet. + 2) Joel Johnson has reported a vulnerability in Kerberos, which can be exploited by malicious users to potentially compromise a vulnerable system. + The vulnerability is caused due to an error in KDC within the "process_tgs_req()" function in kdc/do_tgs_req.c when validating or renewing tickets and can be exploited to trigger a double-free condition. + Successful exploitation may allow execution of arbitrary code. + 3) A vulnerability has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service). + The vulnerability is caused due to a NULL pointer dereference error when processing certain Kerberos AP-REQ authenticators, which can be exploited to cause a crash in e.g. kadmind or other applications linked against the GSS-API library by sending an AP-REQ authenticator with a missing checksum field.</desc> + </fsa> + <fsa> <id>737</id> <date>2011-08-24</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
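Review bot: In the new `<desc>` of FSA 738, the items numbered 1), 2) and 3) are not tied to the three URLs in `<cve>`, so a reader has to assume that the two lists are in the same order. Assuming they are, name the id at the end of each item, for example `1) ... by sending a specially crafted packet. (CVE-2010-0628)`, and likewise CVE-2010-1320 for item 2 and CVE-2010-1321 for item 3. The access needed also differs between items ("malicious people" in item 1, "malicious users" in items 2 and 3), and only item 2 mentions possible code execution. A short first sentence in `<desc>` saying that the worst case is potential arbitrary code execution in the KDC would help readers who only skim the entry.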