Oval Definition: oval:com.redhat.rhsa:def:20130748
Revision Date: 2013-04-16
Version: 636
Title: RHSA-2013:0748: krb5 security update (Moderate)
Description: Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).

  • A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2013-1416)

    All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
  • Family: unix
    Class: patch
    Status:
    Reference(s):
    CVE-2013-1416
    RHSA-2013:0748
    RHSA-2013:0748-01
    Platform(s): Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • krb5-devel is earlier than 0:1.10.3-10.el6_4.2
  • AND krb5-devel is signed with Red Hat redhatrelease2 key
  • krb5-libs is earlier than 0:1.10.3-10.el6_4.2
  • AND krb5-libs is signed with Red Hat redhatrelease2 key
  • krb5-pkinit-openssl is earlier than 0:1.10.3-10.el6_4.2
  • AND krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
  • krb5-server is earlier than 0:1.10.3-10.el6_4.2
  • AND krb5-server is signed with Red Hat redhatrelease2 key
  • krb5-server-ldap is earlier than 0:1.10.3-10.el6_4.2
  • AND krb5-server-ldap is signed with Red Hat redhatrelease2 key
  • krb5-workstation is earlier than 0:1.10.3-10.el6_4.2
  • AND krb5-workstation is signed with Red Hat redhatrelease2 key