Amazon Linux 1 Security Advisory: ALAS-2011-15
Advisory Release Date: 2011-10-31 18:26 Pacific
Advisory Updated Date: 2014-09-14 14:34 Pacific
Severity:
Medium
Issue Overview:
Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. (CVE-2011-1527, CVE-2011-1528, CVE-2011-1529)
Affected Packages:
krb5
Issue Correction:
Run yum update krb5 to update your system.
New Packages:
i686:
krb5-devel-1.9-9.19.amzn1.i686
krb5-server-ldap-1.9-9.19.amzn1.i686
krb5-server-1.9-9.19.amzn1.i686
krb5-pkinit-openssl-1.9-9.19.amzn1.i686
krb5-libs-1.9-9.19.amzn1.i686
krb5-workstation-1.9-9.19.amzn1.i686
krb5-debuginfo-1.9-9.19.amzn1.i686
src:
krb5-1.9-9.19.amzn1.src
x86_64:
krb5-libs-1.9-9.19.amzn1.x86_64
krb5-server-1.9-9.19.amzn1.x86_64
krb5-debuginfo-1.9-9.19.amzn1.x86_64
krb5-server-ldap-1.9-9.19.amzn1.x86_64
krb5-workstation-1.9-9.19.amzn1.x86_64
krb5-devel-1.9-9.19.amzn1.x86_64
krb5-pkinit-openssl-1.9-9.19.amzn1.x86_64