Title : Fedora Security Update Fixes MIT Kerberos Multiple Command Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-1226
CVE ID : CVE-2007-0956 - CVE-2007-0957 - CVE-2007-1216
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-04


Technical Description

Fedora has released security updates to address multiple vulnerabilities identified in krb5. These issues could be exploited by attackers to bypass security restrictions and execute arbitrary commands. For additional information, see VUPEN/ADV-2007-1218.

Affected Products

Fedora Core 5
Fedora Core 6

Solution

Upgrade the affected packages:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


References

http://www.vupen.com/english/advisories/2007/1226
https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00009.html
https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00008.html

ChangeLog

2007-04-04 : Initial release
