Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2154)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122742

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2015-2154)

Zusammenfassung: The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2015-2154 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2015-2154 advisory.

Vulnerability Insight:
[1.13.2-9]
- Add patch and test case for 'KDC does not return proper
client principal for client referrals'
- Resolves: #1259846

[1.13.2-9]
- Amend patch for RedHat bug #1252454 ('testsuite complains
'Lifetime has increased by 32436 sec while 0 sec passed!',
while rhel5-libkrb5 passes') to handle the newly introduced
valgrind hits.

[1.13.2-8]
- Add a patch to fix RH Bug #1250154 ('[s390x, ppc64, ppc64le]:
kadmind does not accept ACL if kadm5.acl does not end with EOL')
The code 'accidently' works on x86/AMD64 because declaring a
variable char results in an unsigned char by default while
most other platforms (e.g. { s390x, ppc64, ppc64le, ...})
default to signed char (still have to use lint(1) to clean
up 38 more instances of this kind of bug).

[1.13.2-7]
- Obsolete multilib versions of server packages to fix RH
bug #1251913 ('krb5 should obsolete the multilib versions
of krb5-server and krb5-server-ldap').
The following packages are declared obsolete:
- krb5-server-1.11.3-49.el7.i686
- krb5-server-1.11.3-49.el7.ppc
- krb5-server-1.11.3-49.el7.s390
- krb5-server-ldap-1.11.3-49.el7.i686
- krb5-server-ldap-1.11.3-49.el7.ppc
- krb5-server-ldap-1.11.3-49.el7.s390

[1.13.2-6]
- Add a patch to fix RedHat bug #1252454 ('testsuite complains
'Lifetime has increased by 32436 sec while 0 sec passed!',
while rhel5-libkrb5 passes') so that krb5 resolves GSS creds
if time_rec is requested.

[1.13.2-5]
- Add a patch to fix RedHat bug #1251586 ('KDC sends multiple
requests to ipa-otpd for the same authentication') which causes
the KDC to send multiple retries to ipa-otpd for TCP transports
while it should only be done for UDP.

[1.13.2-4]
- the rebase to krb5 1.13.2 in vers 1.13.2-0 also fixed:
- Redhat Bug #1247761 ('RFE: Minor krb5 spec file cleanup and sync
with recent Fedora 22/23 changes')
- Redhat Bug #1247751 ('krb5-config returns wrong -specs path')
- Redhat Bug #1247608 ('Add support for multi-hop preauth mechs
via KDC_ERR_MORE_PREAUTH_DATA_REQUIRED for RFC 6113 ('A
Generalized Framework for Kerberos Pre-Authentication')')
- Removed 'krb5-1.10-kprop-mktemp.patch' and
'krb5-1.3.4-send-pr-tempfile.patch', both are no longer used since
the rebase to krb5 1.13.1

[1.13.2-3]
- Add patch to fix Redhat Bug #1222903 ('[SELinux] AVC denials may appear
when kadmind starts'). The issue was caused by an unneeded htons()
which triggered SELinux AVC denials due to the 'random' port usage.

[1.13.2-2]
- Add fix for RedHat Bug #1164304 ('Upstream unit tests loads
the installed shared libraries instead the ones from the build')

[1.13.2-1]
- the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed:
- Bug 1144498 ('Fix the race condition in the libkrb5 replay cache')
- Bug 1163402 ('kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64')
- Bug 1185770 ('Missing ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'krb5' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-5355
BugTraq ID: 74042
http://www.securityfocus.com/bid/74042
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
RedHat Security Advisories: RHSA-2015:0794
http://rhn.redhat.com/errata/RHSA-2015-0794.html
SuSE Security Announcement: openSUSE-SU-2015:0542 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
http://www.ubuntu.com/usn/USN-2810-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-2694
BugTraq ID: 74824
http://www.securityfocus.com/bid/74824

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122742
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-2154)
Zusammenfassung:	The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2015-2154 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2015-2154 advisory. Vulnerability Insight: [1.13.2-9] - Add patch and test case for 'KDC does not return proper client principal for client referrals' - Resolves: #1259846 [1.13.2-9] - Amend patch for RedHat bug #1252454 ('testsuite complains 'Lifetime has increased by 32436 sec while 0 sec passed!', while rhel5-libkrb5 passes') to handle the newly introduced valgrind hits. [1.13.2-8] - Add a patch to fix RH Bug #1250154 ('[s390x, ppc64, ppc64le]: kadmind does not accept ACL if kadm5.acl does not end with EOL') The code 'accidently' works on x86/AMD64 because declaring a variable char results in an unsigned char by default while most other platforms (e.g. { s390x, ppc64, ppc64le, ...}) default to signed char (still have to use lint(1) to clean up 38 more instances of this kind of bug). [1.13.2-7] - Obsolete multilib versions of server packages to fix RH bug #1251913 ('krb5 should obsolete the multilib versions of krb5-server and krb5-server-ldap'). The following packages are declared obsolete: - krb5-server-1.11.3-49.el7.i686 - krb5-server-1.11.3-49.el7.ppc - krb5-server-1.11.3-49.el7.s390 - krb5-server-ldap-1.11.3-49.el7.i686 - krb5-server-ldap-1.11.3-49.el7.ppc - krb5-server-ldap-1.11.3-49.el7.s390 [1.13.2-6] - Add a patch to fix RedHat bug #1252454 ('testsuite complains 'Lifetime has increased by 32436 sec while 0 sec passed!', while rhel5-libkrb5 passes') so that krb5 resolves GSS creds if time_rec is requested. [1.13.2-5] - Add a patch to fix RedHat bug #1251586 ('KDC sends multiple requests to ipa-otpd for the same authentication') which causes the KDC to send multiple retries to ipa-otpd for TCP transports while it should only be done for UDP. [1.13.2-4] - the rebase to krb5 1.13.2 in vers 1.13.2-0 also fixed: - Redhat Bug #1247761 ('RFE: Minor krb5 spec file cleanup and sync with recent Fedora 22/23 changes') - Redhat Bug #1247751 ('krb5-config returns wrong -specs path') - Redhat Bug #1247608 ('Add support for multi-hop preauth mechs via KDC_ERR_MORE_PREAUTH_DATA_REQUIRED for RFC 6113 ('A Generalized Framework for Kerberos Pre-Authentication')') - Removed 'krb5-1.10-kprop-mktemp.patch' and 'krb5-1.3.4-send-pr-tempfile.patch', both are no longer used since the rebase to krb5 1.13.1 [1.13.2-3] - Add patch to fix Redhat Bug #1222903 ('[SELinux] AVC denials may appear when kadmind starts'). The issue was caused by an unneeded htons() which triggered SELinux AVC denials due to the 'random' port usage. [1.13.2-2] - Add fix for RedHat Bug #1164304 ('Upstream unit tests loads the installed shared libraries instead the ones from the build') [1.13.2-1] - the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed: - Bug 1144498 ('Fix the race condition in the libkrb5 replay cache') - Bug 1163402 ('kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64') - Bug 1185770 ('Missing ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'krb5' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5355 BugTraq ID: 74042 http://www.securityfocus.com/bid/74042 http://www.mandriva.com/security/advisories?name=MDVSA-2015:069 https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html RedHat Security Advisories: RHSA-2015:0794 http://rhn.redhat.com/errata/RHSA-2015-0794.html SuSE Security Announcement: openSUSE-SU-2015:0542 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html http://www.ubuntu.com/usn/USN-2810-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2694 BugTraq ID: 74824 http://www.securityfocus.com/bid/74824
Copyright	Copyright (C) 2015 Greenbone AG