krb5-1.15.1-18.el7
Errata ID: AXSA:2018-2754:01
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
* krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562)
* krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 7.5 Release Notes linked from the References section.
CVE-2017-7562
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2017-11368
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
Update packages.
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
SRPMS
- krb5-1.15.1-18.el7.src.rpm
Size: 10.84 MB
Asianux Server 7 for x86_64
- krb5-devel-1.15.1-18.el7.x86_64.rpm
Size: 267.81 kB
- krb5-libs-1.15.1-18.el7.x86_64.rpm
Size: 745.73 kB
- krb5-pkinit-1.15.1-18.el7.x86_64.rpm
Size: 161.53 kB
- krb5-server-1.15.1-18.el7.x86_64.rpm
Size: 1.02 MB
- krb5-server-ldap-1.15.1-18.el7.x86_64.rpm
Size: 189.85 kB
- krb5-workstation-1.15.1-18.el7.x86_64.rpm
Size: 821.96 kB
- libkadm5-1.15.1-18.el7.x86_64.rpm
Size: 174.09 kB
- krb5-devel-1.15.1-18.el7.i686.rpm
Size: 266.93 kB
- krb5-libs-1.15.1-18.el7.i686.rpm
Size: 746.61 kB
- libkadm5-1.15.1-18.el7.i686.rpm
Size: 174.64 kB