krb5 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1279043819
업데이트 : 2010.07.14
상세내용
1.3.4-62.el48.2 update
- fixed CVE-2010-1321
CVE-2010-1321:
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API
library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2,
as used in kadmind and other applications, does not properly check for
invalid GSS-API tokens, which allows remote authenticated users to cause
a denial of service (NULL pointer dereference and daemon crash) via an
AP-REQ message in which the authenticator's checksum field is missing.
Autoupdates 지원 : Packages System
pkgadd -F "krb5*"
update 패키지
RPMS :
. krb5-libs-1.3.4-62.el48.2.i686.rpm
. krb5-server-1.3.4-62.el48.2.i686.rpm
. krb5-workstation-1.3.4-62.el48.2.i686.rpm
. krb5-devel-1.3.4-62.el48.2.i686.rpm
SRPMS :
. krb5-1.3.4-62.el48.2.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
|