Fedora Core 9 FEDORA-2009-6279 (pam_krb5)

Summary
The remote host is missing an update to pam_krb5 announced via advisory FEDORA-2009-6279.
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update pam_krb5' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6279
Insight
Update Information: This updates the pam_krb5 package from version 2.3.2 to 2.3.5, fixing CVE-2009-1384: in certain configurations, the password prompt could vary depending on whether or not the user account was known to the system or the KDC. It also fixes a bug which prevented password change attempts from working if the KDC denied requests for password-changing credentials with settings which would be used for login credentials, and makes the -n option for the afs5log command work as advertised. ChangeLog: * Tue May 26 2009 Nalin Dahyabhai - 2.3.5-1 - catch the case where we pass a NULL initial password into libkrb5 and it uses our callback to ask us for the password for the user using a principal name, and reject that (#502602) - always prompt for a password unless we were told not to (#502602, CVE-2009-1384)
References