| Description: | Description:
The remote host is missing an update to krb5
announced via advisory FEDORA-2004-276.
Several double-free bugs were found in the Kerberos 5 KDC and
libraries. A remote attacker could potentially exploit these flaws to
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the names CVE-2004-0642 and
CVE-2004-0643 to these issues.
A double-free bug was also found in the krb524 server
(CVE-2004-0772), however this issue does not affect Fedora Core.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder
library. A remote attacker may be able to trigger this flaw and cause
a denial of service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0644 to this issue.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
215744598787e8555852a42346523ff0 SRPMS/krb5-1.3.4-5.src.rpm
0bdb0a2c01e7682ac61009e86eb79c92 x86_64/krb5-devel-1.3.4-5.x86_64.rpm
575fa819175d43d6835867acb616da45 x86_64/krb5-libs-1.3.4-5.x86_64.rpm
2417f376a3f96de6514432efd70ba550 x86_64/krb5-server-1.3.4-5.x86_64.rpm
f79c01f71dd81127946c5e951ee3fa70 x86_64/krb5-workstation-1.3.4-5.x86_64.rpm
43fd30f8236c8a05edc726d7a9a318c9 x86_64/debug/krb5-debuginfo-1.3.4-5.x86_64.rpm
90924e3b1aa64f7e0780613e49d97a77 x86_64/krb5-libs-1.3.4-5.i386.rpm
201f89557be28e3cbcf6c7e2d23187d0 i386/krb5-devel-1.3.4-5.i386.rpm
90924e3b1aa64f7e0780613e49d97a77 i386/krb5-libs-1.3.4-5.i386.rpm
0ea73ac3eeb55350d9ae5b2bcdf33059 i386/krb5-server-1.3.4-5.i386.rpm
69ecbbe96b6b900c0a8b5f5d76fffbab i386/krb5-workstation-1.3.4-5.i386.rpm
dfb27688cf0416cb9c051e9df0bbe5ab i386/debug/krb5-debuginfo-1.3.4-5.i386.rpm
This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.
Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-276.shtml
Risk factor : High
CVSS Score:
7.5
|
