Oval Definition: oval:com.redhat.rhsa:def:20090409
Revision Date: 2009-04-07
Version: 637
Title: RHSA-2009:0409: krb5 security update (Important)
Description: Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).

  • An input validation flaw was found in the ASN.1 (Abstract Syntax Notation One) decoder used by MIT Kerberos. A remote attacker could use this flaw to crash a network service using the MIT Kerberos library, such as kadmind or krb5kdc, by causing it to dereference or free an uninitialized pointer. (CVE-2009-0846)

    All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running services using the MIT Kerberos libraries must be restarted for the update to take effect.
Family: unix
Class: patch
Status:
Reference(s): CVE-2009-0846, RHSA-2009:0409, RHSA-2009:0409-01
Platform(s): Red Hat Enterprise Linux 4
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • krb5-devel is earlier than 0:1.3.4-60.el4_7.2 AND krb5-devel is signed with Red Hat redhatrelease2 key
  • krb5-libs is earlier than 0:1.3.4-60.el4_7.2 AND krb5-libs is signed with Red Hat redhatrelease2 key
  • krb5-server is earlier than 0:1.3.4-60.el4_7.2 AND krb5-server is signed with Red Hat redhatrelease2 key
  • krb5-workstation is earlier than 0:1.3.4-60.el4_7.2 AND krb5-workstation is signed with Red Hat redhatrelease2 key