Kerberos is a network authentication system that allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially-crafted request. (CVE-2011-0282)

A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially-crafted request. (CVE-2011-0281)

A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC update server (kpropd) processed certain update requests for KDC database propagation. A remote attacker could use this flaw to terminate the kpropd daemon via a specially-crafted update request. (CVE-2010-4022)

Red Hat would like to thank the MIT Kerberos Team for reporting the CVE-2011-0282 and CVE-2011-0281 issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue.

All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
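The first two flaws share a root cause class: a principal name arrives as a length-delimited buffer rather than a C string, and code that assumes a trailing NUL (or that a component is always present) reads past the buffer or dereferences a null pointer. The following C example is added here to illustrate that defensive handling in general; it is constructed for this advisory and is not MIT krb5 code, it does not reproduce the actual defect in the LDAP back end, and the `princ_component` type, `MAX_COMPONENT_LEN` bound and check functions are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration (not MIT krb5 code): a principal-name component
 * as received from a wire protocol or a directory back end, i.e. a pointer
 * plus an explicit length, with no guarantee of a trailing NUL byte. */
struct princ_component {
    const char *data;
    size_t length;
};

/* Upper bound accepted for one component in this example (hypothetical). */
#define MAX_COMPONENT_LEN 255

/* Convert a length-delimited component into a freshly allocated,
 * NUL-terminated C string. Returns NULL, and performs no out-of-bounds
 * read, when the component is missing, empty, oversized or contains an
 * embedded NUL. Callers must test for NULL before using the result; the
 * missing NULL check is exactly what turns bad input into a crash. */
char *component_to_cstring(const struct princ_component *c)
{
    if (c == NULL || c->data == NULL)
        return NULL;                    /* absent component: refuse, do not deref */
    if (c->length == 0 || c->length > MAX_COMPONENT_LEN)
        return NULL;                    /* empty or oversized: refuse */
    /* memchr is bounded by c->length; strlen() would run past the end of a
     * buffer that has no terminator. An embedded NUL would make the name
     * silently truncate downstream, so it is rejected outright. */
    if (memchr(c->data, '\0', c->length) != NULL)
        return NULL;
    char *out = malloc(c->length + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, c->data, c->length);
    out[c->length] = '\0';
    return out;
}

/* Self-checks on constructed inputs; each returns 1 when the conversion
 * behaves as intended for that case. */

int check_unterminated_buffer(void)
{
    /* Exactly six bytes, deliberately without a terminating NUL. */
    static const char raw[6] = { 'k', 'r', 'b', 't', 'g', 't' };
    struct princ_component c = { raw, sizeof raw };
    char *s = component_to_cstring(&c);
    int ok = (s != NULL && strcmp(s, "krbtgt") == 0);
    free(s);
    return ok;
}

int check_embedded_nul(void)
{
    struct princ_component c = { "adm\0in", 6 };   /* NUL at index 3 */
    return component_to_cstring(&c) == NULL;
}

int check_missing_component(void)
{
    struct princ_component c = { NULL, 5 };
    return component_to_cstring(&c) == NULL && component_to_cstring(NULL) == NULL;
}

int check_oversized(void)
{
    /* One byte over the bound; never read, because the length is rejected first. */
    static const char big[MAX_COMPONENT_LEN + 1] = { 'a' };
    struct princ_component c = { big, sizeof big };
    return component_to_cstring(&c) == NULL;
}

int main(void)
{
    printf("unterminated buffer handled:  %d\n", check_unterminated_buffer());
    printf("embedded NUL rejected:        %d\n", check_embedded_nul());
    printf("missing component rejected:   %d\n", check_missing_component());
    printf("oversized component rejected: %d\n", check_oversized());
    return 0;
}
```

The design point is that every read of the incoming bytes is bounded by the caller-supplied length, and every failure path returns a value the caller is obliged to check rather than continuing with a null or half-initialised name; the same discipline applies to any KDC or kpropd code path that parses attacker-influenced requests.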