エラータID: AXSA:2018-3419:03

Release date: 
Thursday, November 8, 2018 - 16:38
Affected Channels: 
Asianux Server 7 for x86_64

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729)

* krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

MIT krb5 1.6 or later allows an authenticated kadmin with permission
to add principals to an LDAP Kerberos database to cause a denial of
service (NULL pointer dereference) or bypass a DN container check by
supplying tagged data that is internal to the database module.
MIT krb5 1.6 or later allows an authenticated kadmin with permission
to add principals to an LDAP Kerberos database to circumvent a DN
containership check by supplying both a "linkdn" and "containerdn"
database argument, or by supplying a DN string which is a left
extension of a container DN string but is not hierarchically within
the container DN.


Update packages.

Additional Info: 



  1. krb5-1.15.1-34.el7.src.rpm
    MD5: c34abbeb5591fc49e7e9c5cb4a7030f1
    SHA-256: c24629d1a6829212b1a90ee48cbe797d291e415f162f639b6b8ab080de2c3d4e
    Size: 10.96 MB

Asianux Server 7 for x86_64
  1. krb5-devel-1.15.1-34.el7.x86_64.rpm
    MD5: 8e2cee972dbbb870567d3cddf4d6004b
    SHA-256: ac1251168d0baa1935ecf06a11058a6320b3d6bc822cbeea19fe9b6860dc98b6
    Size: 270.14 kB
  2. krb5-libs-1.15.1-34.el7.x86_64.rpm
    MD5: aa1c42133dc2475d4fd8956b6b8bd743
    SHA-256: a21e5f1d31ee02ea571787166da37ebd895e09191172b350bd904d52d927b6a6
    Size: 762.17 kB
  3. krb5-pkinit-1.15.1-34.el7.x86_64.rpm
    MD5: 573d9ecfbd67e4bb9a9a153c43d3b38d
    SHA-256: 0ce2bd7ce933523e9b86aadac972fd0dc253f1abb5b1870295dbc40a1326122e
    Size: 163.20 kB
  4. krb5-server-1.15.1-34.el7.x86_64.rpm
    MD5: fd74c297418abfb8fdf078364c6cd7bb
    SHA-256: 0ca38a95c264720c72c477605b8e35f80dc84da737ed9a4bf9d5a92b5d34aa13
    Size: 1.02 MB
  5. krb5-server-ldap-1.15.1-34.el7.x86_64.rpm
    MD5: d66ea5de4cb4eefe4c9e145c74c34d13
    SHA-256: f2c6a2107591411051493bcd996655d62a4bdd1a2731a9a58eaed885ce286571
    Size: 192.32 kB
  6. krb5-workstation-1.15.1-34.el7.x86_64.rpm
    MD5: bb35d35a021320457fcde3eb9568c832
    SHA-256: 217d6bca76ea6a739494a808e09becf744c48ce959a98386f3425374c9b68f09
    Size: 815.35 kB
  7. libkadm5-1.15.1-34.el7.x86_64.rpm
    MD5: 42479ae57f70c0ace63cb991d0e1d048
    SHA-256: 383bd31ded12f93bcc0bcf81334699d6fb8eabe93fc7dc4f164ea569afe0ac93
    Size: 176.54 kB
  8. krb5-devel-1.15.1-34.el7.i686.rpm
    MD5: 5c3bd50fd216afa043542515260912b8
    SHA-256: 46d7e842c0df5b2276053609ba40cb4f008f0de01d4973d6b4bad1e66beb6de6
    Size: 269.36 kB
  9. krb5-libs-1.15.1-34.el7.i686.rpm
    MD5: f7643bcc6ffa6f89475ebc610fe232ac
    SHA-256: b45036380f9a54234fc26efdfd502497501f9f6a2ad2c2ba4cc70509f2b11690
    Size: 765.95 kB
  10. libkadm5-1.15.1-34.el7.i686.rpm
    MD5: 9d0c8bbe109dcd376ed594574ca28844
    SHA-256: ccdf74bae485453bdc6e9d5e6e9cd69e3cb92ae7caf2fc2f071b51173ecc20cf
    Size: 176.96 kB