Oval Definition: oval:com.redhat.rhsa:def:20141255
Revision Date: 2014-09-17
Version: 636
Title: RHSA-2014:1255: krb5 security update (Moderate)
Description: Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC).

  • A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)

    All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
  • Family: unix
    Class: patch
    Status:
    Reference(s):
    CVE-2014-4345
    RHSA-2014:1255
    RHSA-2014:1255-00
    RHSA-2014:1255-01
    Platform(s): Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • krb5-devel is earlier than 0:1.6.1-80.el5_11
  • AND krb5-devel is signed with Red Hat redhatrelease2 key
  • krb5-libs is earlier than 0:1.6.1-80.el5_11
  • AND krb5-libs is signed with Red Hat redhatrelease2 key
  • krb5-server is earlier than 0:1.6.1-80.el5_11
  • AND krb5-server is signed with Red Hat redhatrelease2 key
  • krb5-server-ldap is earlier than 0:1.6.1-80.el5_11
  • AND krb5-server-ldap is signed with Red Hat redhatrelease2 key
  • krb5-workstation is earlier than 0:1.6.1-80.el5_11
  • AND krb5-workstation is signed with Red Hat redhatrelease2 key