Novell

This is Your Open EnterpriseTM

novell-kerberos 20080331

(5548eba11560878b814dc88356851561)

This document (5022520) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86
Security patch: YesView security alerts.
Priority: Mandatory
Distribution Type: Public
http://download.novell.com/Download?buildid=yEhbIVtcB40~

document

Revision: 2
Document ID: 5022520
Creation Date: 2008-04-02 13:00:01
Modified Date: 2008-05-15 02:58:00

abstract

novell-kerberos
SuSE Linux Maintenance Web (5548eba11560878b814dc88356851561)

Applies to

Package: novell-kerberos-admin-server novell-kerberos-authentication novell-kerberos-base novell-kerberos-kdc novell-kerberos-ldap-extensions novell-kerberos-password-agent novell-kerberos-password-server novell-kerberos-server-base novell-kerberos-utilities
Product(s):
Novell Open Enterprise Server 2 for x86
Novell Open Enterprise Server 2 for AMD64 and Intel EM64T
Patch: oes2-novell-kerberos-5140

Release: 20080331
Obsoletes: none

details

indications

All users of Novell Kerberos KDC 1.5 should update.

contraindications

None.

problem description

The following vulnerabilities were discovered: 1. Double-free, uninitialized data vulnerabilities in krb5kdc, when Kerberos 4 support is enabled in the Novell Kerberos KDC (MITKRB5-SA-2008-001). The patch fixes this issue and the Kerberos 4 support is now disabled. 2. Use of high-numbered file descriptors in the RPC library, used by kadmind, can cause references past the end of an array (MITKRB5-SA-2008-002). The patch fixes this issue.

file contents

Files IncludedSizeDate
novell-kerberos-kdc-1.5-32.2.i586.rpm42.2 KB (43242)2008-04-02 15:31:40
novell-kerberos-server-base-1.5-32.2.i586.rpm269.4 KB (275894)2008-04-02 15:31:43
novell-kerberos-password-server-1.5-32.2.i586.rpm21.1 KB (21674)2008-04-02 15:31:42
novell-kerberos-base-1.5-32.2.i586.rpm258.4 KB (264666)2008-04-02 15:31:40
novell-kerberos-ldap-extensions-1.5-32.2.i586.rpm25.6 KB (26232)2008-04-02 15:31:41
novell-kerberos-authentication-1.5-32.2.i586.rpm17.9 KB (18426)2008-04-02 15:31:39
novell-kerberos-admin-server-1.5-32.2.i586.rpm30.7 KB (31486)2008-04-02 15:31:38
novell-kerberos-utilities-1.5-32.2.i586.rpm111.7 KB (114390)2008-04-02 15:31:43
novell-kerberos-password-agent-1.5-32.2.i586.rpm25.1 KB (25747)2008-04-02 15:31:41
readme_5022520.htmlN/A2008-05-15 02:58:02

source packages

Download the source code of the patches for maintained products.

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.