Summary
The remote host is missing an update to krb5
announced via advisory FEDORA-2009-2852.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update krb5' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2852
Insight
Update Information:
This update incorporates patches to fix potential read overflow and NULL pointer dereferences in the implementation of the SPNEGO GSSAPI mechanism (CVE-2009-0844, CVE-2009-0845), attempts to free an uninitialized pointer during protocol parsing (CVE-2009-0846), and a bug in length validation during protocol parsing (CVE-2009-0847).
ChangeLog:
* Tue Apr 7 2009 Nalin Dahyabhai 1.6.3-18
- add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
- add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846)
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
* Tue Mar 17 2009 Nalin Dahyabhai 1.6.3-17
- libgssapi_krb5: backport fix for some errors which can occur when we fail to set up the server half of a context (CVE-2009-0845)
References
Severity
Classification
CVE: CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C