Summary
The remote host is missing an update to krb5 announced via advisory FEDORA-2009-2834.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update krb5' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2834
Insight
Update Information:
This update incorporates patches to fix potential read overflow and NULL pointer dereferences in the implementation of the SPNEGO GSSAPI mechanism (CVE-2009-0844, CVE-2009-0845), attempts to free an uninitialized pointer during protocol parsing (CVE-2009-0846), and a bug in length validation during protocol parsing (CVE-2009-0847).
ChangeLog:
* Tue Apr 7 2009 Nalin Dahyabhai 1.6.3-16
- add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
- add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846)
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
* Mon Apr 6 2009 Nalin Dahyabhai
- pull in a couple of defuzzed patches from the F-10 version of this package, dropping a redundant man page patch in the process
References
Severity
Classification
CVE: CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C