Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-0062 (GCVE-0-2008-0062)
Vulnerability from cvelistv5 – Published: 2008-03-19 10:00 – Updated: 2024-08-07 07:32
VLAI?
EPSS
Summary
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "29457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29457"
},
{
"name": "MDVSA-2008:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"name": "29464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29464"
},
{
"name": "GLSA-200803-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"name": "FEDORA-2008-2637",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"name": "MDVSA-2008:071",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"name": "SSRT100495",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "29451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29451"
},
{
"name": "29663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29663"
},
{
"name": "FEDORA-2008-2647",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"name": "29438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "oval:org.mitre.oval:def:9496",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "RHSA-2008:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"name": "MDVSA-2008:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"name": "ADV-2008-0922",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"name": "29450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29450"
},
{
"name": "29435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29435"
},
{
"name": "krb5-kdc-code-execution(41275)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"name": "1019626",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019626"
},
{
"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"name": "29428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29428"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "DSA-1524",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"name": "30535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30535"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "RHSA-2008:0182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "RHSA-2008:0180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"name": "SUSE-SA:2008:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"name": "29516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29516"
},
{
"name": "29462",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29462"
},
{
"name": "29424",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29424"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "RHSA-2008:0181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"name": "29423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29423"
},
{
"name": "USN-587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"name": "ADV-2008-1102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"name": "28303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"name": "HPSBOV02682",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "VU#895609",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/895609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "29457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29457"
},
{
"name": "MDVSA-2008:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"name": "29464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29464"
},
{
"name": "GLSA-200803-31",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"name": "FEDORA-2008-2637",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"name": "MDVSA-2008:071",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"name": "SSRT100495",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "29451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29451"
},
{
"name": "29663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29663"
},
{
"name": "FEDORA-2008-2647",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"name": "29438",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "oval:org.mitre.oval:def:9496",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "RHSA-2008:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"name": "MDVSA-2008:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"name": "ADV-2008-0922",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"name": "29450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29450"
},
{
"name": "29435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29435"
},
{
"name": "krb5-kdc-code-execution(41275)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"name": "1019626",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019626"
},
{
"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"name": "29428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29428"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "DSA-1524",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"name": "30535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30535"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "RHSA-2008:0182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "RHSA-2008:0180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"name": "SUSE-SA:2008:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"name": "29516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29516"
},
{
"name": "29462",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29462"
},
{
"name": "29424",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29424"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "RHSA-2008:0181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"name": "29423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29423"
},
{
"name": "USN-587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"name": "ADV-2008-1102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"name": "28303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"name": "HPSBOV02682",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "VU#895609",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/895609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "29457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29457"
},
{
"name": "MDVSA-2008:069",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"name": "29464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29464"
},
{
"name": "GLSA-200803-31",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"name": "FEDORA-2008-2637",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"name": "MDVSA-2008:071",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0112",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"name": "SSRT100495",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "29451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29451"
},
{
"name": "29663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29663"
},
{
"name": "FEDORA-2008-2647",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"name": "29438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29438"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "oval:org.mitre.oval:def:9496",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "RHSA-2008:0164",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"name": "MDVSA-2008:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"name": "ADV-2008-0922",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"name": "29450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29450"
},
{
"name": "29435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29435"
},
{
"name": "krb5-kdc-code-execution(41275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"name": "1019626",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019626"
},
{
"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"name": "29428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29428"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "DSA-1524",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"name": "30535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30535"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "RHSA-2008:0182",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "RHSA-2008:0180",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"name": "SUSE-SA:2008:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"name": "29516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29516"
},
{
"name": "29462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29462"
},
{
"name": "29424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29424"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "RHSA-2008:0181",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"name": "29423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29423"
},
{
"name": "USN-587-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"name": "ADV-2008-1102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"name": "28303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28303"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"name": "HPSBOV02682",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "VU#895609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/895609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0062",
"datePublished": "2008-03-19T10:00:00.000Z",
"dateReserved": "2008-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:23.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-0062\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-19T10:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.\"},{\"lang\":\"es\",\"value\":\"KDC en MIT Kerberos 5 (krb5kdc) no fija variable global alguna para determinados tipos de mensaje krb4, la cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n mediante mensajes manipulados que disparan una referencia a un puntero nulo o doble liberaci\u00f3n de memoria (double-free).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-665\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.3\",\"matchCriteriaId\":\"904FBF9F-9269-4088-BD5A-3C773E6F841E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E304C9-F780-4358-A58D-1E4C93977704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EBDAFF8-DE44-4E80-B6BD-E341F767F501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823BF8BE-2309-4F67-A5E2-EAD98F723468\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3EFD171-01F7-450B-B6F3-0F7E443A2337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72E4DB7F-07C3-46BB-AAA2-05CD0312C57F\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29423\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29424\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29428\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29435\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29438\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29450\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29451\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29457\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29462\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29464\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29516\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29663\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/30535\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2008-0112\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1524\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/895609\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:069\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:070\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:071\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0164.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0180.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0181.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0182.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489761\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489883/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/28303\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1019626\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-587-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0922/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1102/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41275\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/29663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/30535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2008-0112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/895609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0164.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0180.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0181.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0182.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489761\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/489883/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/28303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1019626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-587-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0922/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1102/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}"
}
}
GSD-2008-0062
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-0062",
"description": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"id": "GSD-2008-0062",
"references": [
"https://www.suse.com/security/cve/CVE-2008-0062.html",
"https://www.debian.org/security/2008/dsa-1524",
"https://access.redhat.com/errata/RHSA-2008:0182",
"https://access.redhat.com/errata/RHSA-2008:0181",
"https://access.redhat.com/errata/RHSA-2008:0180",
"https://access.redhat.com/errata/RHSA-2008:0164",
"https://linux.oracle.com/cve/CVE-2008-0062.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-0062"
],
"details": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"id": "GSD-2008-0062",
"modified": "2023-12-13T01:22:58.393542Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "29457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29457"
},
{
"name": "MDVSA-2008:069",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"name": "29464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29464"
},
{
"name": "GLSA-200803-31",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"name": "FEDORA-2008-2637",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"name": "MDVSA-2008:071",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0112",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"name": "SSRT100495",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "29451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29451"
},
{
"name": "29663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29663"
},
{
"name": "FEDORA-2008-2647",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"name": "29438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29438"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "oval:org.mitre.oval:def:9496",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "RHSA-2008:0164",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"name": "MDVSA-2008:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"name": "ADV-2008-0922",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"name": "29450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29450"
},
{
"name": "29435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29435"
},
{
"name": "krb5-kdc-code-execution(41275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"name": "1019626",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019626"
},
{
"name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"name": "29428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29428"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "DSA-1524",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"name": "30535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30535"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "RHSA-2008:0182",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "RHSA-2008:0180",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"name": "SUSE-SA:2008:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"name": "29516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29516"
},
{
"name": "29462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29462"
},
{
"name": "29424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29424"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "RHSA-2008:0181",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"name": "29423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29423"
},
{
"name": "USN-587-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"name": "ADV-2008-1102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"name": "28303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28303"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"name": "HPSBOV02682",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "VU#895609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/895609"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904FBF9F-9269-4088-BD5A-3C773E6F841E",
"versionEndIncluding": "1.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
"matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."
},
{
"lang": "es",
"value": "KDC en MIT Kerberos 5 (krb5kdc) no fija variable global alguna para determinados tipos de mensaje krb4, la cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n mediante mensajes manipulados que disparan una referencia a un puntero nulo o doble liberaci\u00f3n de memoria (double-free)."
}
],
"id": "CVE-2008-0062",
"lastModified": "2024-02-09T00:42:52.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2008-03-19T10:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29423"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29424"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29428"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29435"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29438"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29450"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29451"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29457"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29462"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29464"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29516"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29663"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/30535"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/895609"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28303"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1019626"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
CERTA-2008-AVI-148
Vulnerability from certfr_avis - Published: 2008-03-19 - Updated: 2008-03-19None
Description
De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple Mac Os X version 10.4.11 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac Os X version 10.5.2 et ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s\npermet \u00e0 un individu malveillant diverses actions dont ex\u00e9cuter du code\narbitaire \u00e0 distance, effectuer un d\u00e9ni de service, contourner la\npolitique de s\u00e9curit\u00e9, \u00e9lever ses privil\u00e8ges et effectuer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307562 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
},
{
"name": "CVE-2008-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0060"
},
{
"name": "CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"name": "CVE-2007-6109",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6109"
},
{
"name": "CVE-2007-1661",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1661"
},
{
"name": "CVE-2008-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0882"
},
{
"name": "CVE-2007-6336",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6336"
},
{
"name": "CVE-2007-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2799"
},
{
"name": "CVE-2006-3747",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
},
{
"name": "CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"name": "CVE-2008-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1089"
},
{
"name": "CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"name": "CVE-2007-4768",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4768"
},
{
"name": "CVE-2008-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0059"
},
{
"name": "CVE-2008-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1000"
},
{
"name": "CVE-2007-1660",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1660"
},
{
"name": "CVE-2007-4568",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
},
{
"name": "CVE-2007-3378",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
},
{
"name": "CVE-2008-0052",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0052"
},
{
"name": "CVE-2008-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0990"
},
{
"name": "CVE-2008-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0995"
},
{
"name": "CVE-2007-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0898"
},
{
"name": "CVE-2007-5266",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5266"
},
{
"name": "CVE-2008-0055",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0055"
},
{
"name": "CVE-2007-1997",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1997"
},
{
"name": "CVE-2007-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1659"
},
{
"name": "CVE-2007-6337",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6337"
},
{
"name": "CVE-2008-0044",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0044"
},
{
"name": "CVE-2008-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0045"
},
{
"name": "CVE-2007-5971",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
},
{
"name": "CVE-2008-0046",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0046"
},
{
"name": "CVE-2008-0047",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0047"
},
{
"name": "CVE-2007-6335",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6335"
},
{
"name": "CVE-2007-5267",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
},
{
"name": "CVE-2007-3725",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
},
{
"name": "CVE-2008-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0054"
},
{
"name": "CVE-2008-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0996"
},
{
"name": "CVE-2007-5268",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
},
{
"name": "CVE-2007-6203",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
},
{
"name": "CVE-2008-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0051"
},
{
"name": "CVE-2007-3799",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3799"
},
{
"name": "CVE-2008-0048",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0048"
},
{
"name": "CVE-2007-1662",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1662"
},
{
"name": "CVE-2006-3334",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3334"
},
{
"name": "CVE-2008-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0998"
},
{
"name": "CVE-2007-0897",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0897"
},
{
"name": "CVE-2008-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
},
{
"name": "CVE-2007-6429",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6429"
},
{
"name": "CVE-2007-4510",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4510"
},
{
"name": "CVE-2007-5269",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
},
{
"name": "CVE-2007-5795",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
},
{
"name": "CVE-2008-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0006"
},
{
"name": "CVE-2008-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
},
{
"name": "CVE-2008-0728",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
},
{
"name": "CVE-2007-2445",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2445"
},
{
"name": "CVE-2008-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0049"
},
{
"name": "CVE-2007-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1745"
},
{
"name": "CVE-2007-6427",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6427"
},
{
"name": "CVE-2008-0987",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0987"
},
{
"name": "CVE-2008-0993",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0993"
},
{
"name": "CVE-2008-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0988"
},
{
"name": "CVE-2008-0056",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0056"
},
{
"name": "CVE-2008-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0992"
},
{
"name": "CVE-2006-5793",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5793"
},
{
"name": "CVE-2007-6428",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6428"
},
{
"name": "CVE-2008-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0989"
},
{
"name": "CVE-2005-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
},
{
"name": "CVE-2008-0053",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0053"
},
{
"name": "CVE-2007-4767",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4767"
},
{
"name": "CVE-2008-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
},
{
"name": "CVE-2007-5958",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5958"
},
{
"name": "CVE-2006-6481",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6481"
},
{
"name": "CVE-2008-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0994"
},
{
"name": "CVE-2007-6421",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6421"
},
{
"name": "CVE-2008-0058",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0058"
},
{
"name": "CVE-2007-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4752"
},
{
"name": "CVE-2008-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0999"
},
{
"name": "CVE-2007-4560",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4560"
},
{
"name": "CVE-2007-4990",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4990"
},
{
"name": "CVE-2007-4766",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4766"
},
{
"name": "CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"name": "CVE-2008-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0596"
},
{
"name": "CVE-2007-4887",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
}
],
"initial_release_date": "2008-03-19T00:00:00",
"last_revision_date": "2008-03-19T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-148",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-03-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple 307562 du 18 mars 2008",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
}
]
}
CERTA-2008-AVI-154
Vulnerability from certfr_avis - Published: 2008-03-20 - Updated: 2008-03-25
De multiples vulnérabilités dans Kerberos 5 permettent de porter atteinte à la confidentialité des données, de réaliser un déni de service à distance et éventuellement, d'exécuter du code arbitraire à distance.
Description
Plusieurs vulnérabilités ont été découvertes dans Kerberos 5 :
- l'utilisation d'un pointeur non initialisé pour certains types de messages krb4 peut provoquer un déni de service ou l'exécution de code arbitraire à distance. L'exploitation de cette vulnérabilité nécessite l'activation du support Kerberos 4, ce qui n'est pas le cas par défaut (CVE-2008-0062) ;
- des messages krb4 peuvent contenir des informations stockées en mémoire, ce qui peut porter atteinte à la confidentialité des données. L'exploitation de cette vulnérabilité nécessite l'activation du support Kerberos 4 (CVE-2008-0063) ;
- un utilisateur malintentionné peut provoquer une corruption de la mémoire dans le processus kadmind, ce qui se traduit par un déni de service et, éventuellement, une exécution de code arbitraire à distance. L'exploitation de cette vulnérabilité nécessite des configurations qui permettent l'ouverture d'un grand nombre de descripteurs de fichier par processus (CVE-2008-0947 et CVE-2008-0948).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Kerberos 5 versions 1.6.3 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eKerberos 5\u003c/SPAN\u003e versions 1.6.3 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Kerberos 5 :\n\n- l\u0027utilisation d\u0027un pointeur non initialis\u00e9 pour certains types de\n messages krb4 peut provoquer un d\u00e9ni de service ou l\u0027ex\u00e9cution de\n code arbitraire \u00e0 distance. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n n\u00e9cessite l\u0027activation du support Kerberos 4, ce qui n\u0027est pas le\n cas par d\u00e9faut (CVE-2008-0062) ;\n- des messages krb4 peuvent contenir des informations stock\u00e9es en\n m\u00e9moire, ce qui peut porter atteinte \u00e0 la confidentialit\u00e9 des\n donn\u00e9es. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 n\u00e9cessite\n l\u0027activation du support Kerberos 4 (CVE-2008-0063) ;\n- un utilisateur malintentionn\u00e9 peut provoquer une corruption de la\n m\u00e9moire dans le processus kadmind, ce qui se traduit par un d\u00e9ni de\n service et, \u00e9ventuellement, une ex\u00e9cution de code arbitraire \u00e0\n distance. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 n\u00e9cessite des\n configurations qui permettent l\u0027ouverture d\u0027un grand nombre de\n descripteurs de fichier par processus (CVE-2008-0947 et\n CVE-2008-0948).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
},
{
"name": "CVE-2008-0948",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0948"
},
{
"name": "CVE-2008-0947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0947"
},
{
"name": "CVE-2008-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
}
],
"initial_release_date": "2008-03-20T00:00:00",
"last_revision_date": "2008-03-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1524 du 18 mars 2008 :",
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-587-1 du 19 mars 2008 :",
"url": "http://www.ubuntulinux.org/usn/usn-587-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0180 du 18 mars 2008 :",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0180.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2008:069 du 19 mars 2008 :",
"url": "http://www.mandriva.com/en/security/advisroies?name=MDVSA-2008:069"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200803-31 du 24 mars 2008 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
}
],
"reference": "CERTA-2008-AVI-154",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-03-20T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, Debian et Mandriva.",
"revision_date": "2008-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eKerberos 5\u003c/span\u003e\npermettent de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, de\nr\u00e9aliser un d\u00e9ni de service \u00e0 distance et \u00e9ventuellement, d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Kerberos",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 MITKRB5-SA-2008-001 du 18 mars 2008",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2008-001.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 MITKRB5-SA-2008-002 du 18 mars 2008",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2008-002.txt"
}
]
}
RHSA-2008:0180
Vulnerability from csaf_redhat - Published: 2008-03-18 18:35 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: krb5 security update
Severity
Critical
Notes
Topic: Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.
A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)
This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.
Red Hat would like to thank MIT for reporting these issues.
A double-free flaw was discovered in the GSSAPI library used by MIT
Kerberos. This flaw could possibly cause a crash of the application using
the GSSAPI library. (CVE-2007-5971)
All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0180
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0180
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0180
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
MIT
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated krb5 packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric encryption\nand a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\nAn unauthenticated remote attacker could use this flaw to crash the\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\narbitrary code using malformed or truncated Kerberos v4 protocol\nrequests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\n(without the quotes) to the \"[kdcdefaults]\" section of\n/var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nA double-free flaw was discovered in the GSSAPI library used by MIT\nKerberos. This flaw could possibly cause a crash of the application using\nthe GSSAPI library. (CVE-2007-5971)\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0180",
"url": "https://access.redhat.com/errata/RHSA-2008:0180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "415351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=415351"
},
{
"category": "external",
"summary": "432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0180.json"
}
],
"title": "Red Hat Security Advisory: krb5 security update",
"tracking": {
"current_release_date": "2025-11-21T17:33:03+00:00",
"generator": {
"date": "2025-11-21T17:33:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0180",
"initial_release_date": "2008-03-18T18:35:00+00:00",
"revision_history": [
{
"date": "2008-03-18T18:35:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-03-18T14:47:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"product": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"product_id": "krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-54.el4_6.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-54.el4_6.1.ia64",
"product": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ia64",
"product_id": "krb5-server-0:1.3.4-54.el4_6.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-54.el4_6.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"product": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"product_id": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-54.el4_6.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"product": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"product_id": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-54.el4_6.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"product": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"product_id": "krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-54.el4_6.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"product": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"product_id": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-54.el4_6.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-54.el4_6.1.i386",
"product": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.i386",
"product_id": "krb5-libs-0:1.3.4-54.el4_6.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-54.el4_6.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-54.el4_6.1.i386",
"product": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.i386",
"product_id": "krb5-devel-0:1.3.4-54.el4_6.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-54.el4_6.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-54.el4_6.1.i386",
"product": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.i386",
"product_id": "krb5-server-0:1.3.4-54.el4_6.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-54.el4_6.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"product": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"product_id": "krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-54.el4_6.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"product": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"product_id": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-54.el4_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"product": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"product_id": "krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-54.el4_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"product": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"product_id": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-54.el4_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"product": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"product_id": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-54.el4_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"product": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"product_id": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-54.el4_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-0:1.3.4-54.el4_6.1.src",
"product": {
"name": "krb5-0:1.3.4-54.el4_6.1.src",
"product_id": "krb5-0:1.3.4-54.el4_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5@1.3.4-54.el4_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"product": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"product_id": "krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-54.el4_6.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-54.el4_6.1.ppc",
"product": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ppc",
"product_id": "krb5-server-0:1.3.4-54.el4_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-54.el4_6.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"product": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"product_id": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-54.el4_6.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"product": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"product_id": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-54.el4_6.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"product": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"product_id": "krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-54.el4_6.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"product": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"product_id": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-54.el4_6.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"product": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"product_id": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-54.el4_6.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"product": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"product_id": "krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-54.el4_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390x",
"product": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390x",
"product_id": "krb5-server-0:1.3.4-54.el4_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-54.el4_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"product": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"product_id": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-54.el4_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"product": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"product_id": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-54.el4_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"product": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"product_id": "krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-54.el4_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"product": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"product_id": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-54.el4_6.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390",
"product": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390",
"product_id": "krb5-libs-0:1.3.4-54.el4_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-54.el4_6.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390",
"product": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390",
"product_id": "krb5-devel-0:1.3.4-54.el4_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-54.el4_6.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390",
"product": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390",
"product_id": "krb5-server-0:1.3.4-54.el4_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-54.el4_6.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"product": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"product_id": "krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-54.el4_6.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.3.4-54.el4_6.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-0:1.3.4-54.el4_6.1.src"
},
"product_reference": "krb5-0:1.3.4-54.el4_6.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-devel-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-devel-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-devel-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-libs-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-libs-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-server-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-server-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-server-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-server-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-server-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-server-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-workstation-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.3.4-54.el4_6.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-0:1.3.4-54.el4_6.1.src"
},
"product_reference": "krb5-0:1.3.4-54.el4_6.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-server-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-server-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.3.4-54.el4_6.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-0:1.3.4-54.el4_6.1.src"
},
"product_reference": "krb5-0:1.3.4-54.el4_6.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-devel-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-devel-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-devel-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-devel-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-libs-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-libs-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-libs-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-server-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-server-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-server-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-server-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-server-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-server-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-workstation-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.3.4-54.el4_6.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-0:1.3.4-54.el4_6.1.src"
},
"product_reference": "krb5-0:1.3.4-54.el4_6.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-devel-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-devel-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-devel-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-libs-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-libs-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-server-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-server-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-server-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-server-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-server-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-server-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-workstation-0:1.3.4-54.el4_6.1.i386"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-5971",
"discovery_date": "2007-11-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "415351"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: double free in gssapi lib",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5971\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. See https://marc.info/?m=119743235325151",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:krb5-0:1.3.4-54.el4_6.1.src",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-0:1.3.4-54.el4_6.1.src",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-0:1.3.4-54.el4_6.1.src",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-0:1.3.4-54.el4_6.1.src",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5971"
},
{
"category": "external",
"summary": "RHBZ#415351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=415351"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5971",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5971",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5971"
}
],
"release_date": "2007-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T18:35:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS:krb5-0:1.3.4-54.el4_6.1.src",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-0:1.3.4-54.el4_6.1.src",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-0:1.3.4-54.el4_6.1.src",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-0:1.3.4-54.el4_6.1.src",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0180"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "krb5: double free in gssapi lib"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0062",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432620"
}
],
"notes": [
{
"category": "description",
"text": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: uninitialized pointer use in krb5kdc",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:krb5-0:1.3.4-54.el4_6.1.src",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-0:1.3.4-54.el4_6.1.src",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-0:1.3.4-54.el4_6.1.src",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-0:1.3.4-54.el4_6.1.src",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0062"
},
{
"category": "external",
"summary": "RHBZ#432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T18:35:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS:krb5-0:1.3.4-54.el4_6.1.src",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-0:1.3.4-54.el4_6.1.src",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-0:1.3.4-54.el4_6.1.src",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-0:1.3.4-54.el4_6.1.src",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0180"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "krb5: uninitialized pointer use in krb5kdc"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0063",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432621"
}
],
"notes": [
{
"category": "description",
"text": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: possible leak of sensitive data from krb5kdc using krb4 request",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:krb5-0:1.3.4-54.el4_6.1.src",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-0:1.3.4-54.el4_6.1.src",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-0:1.3.4-54.el4_6.1.src",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-0:1.3.4-54.el4_6.1.src",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0063"
},
{
"category": "external",
"summary": "RHBZ#432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T18:35:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS:krb5-0:1.3.4-54.el4_6.1.src",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4AS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-0:1.3.4-54.el4_6.1.src",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4Desktop:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-0:1.3.4-54.el4_6.1.src",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4ES:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-0:1.3.4-54.el4_6.1.src",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-debuginfo-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-devel-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.ppc64",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-libs-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-server-0:1.3.4-54.el4_6.1.x86_64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.i386",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ia64",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.ppc",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.s390x",
"4WS:krb5-workstation-0:1.3.4-54.el4_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0180"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: possible leak of sensitive data from krb5kdc using krb4 request"
}
]
}
RHSA-2008:0181
Vulnerability from csaf_redhat - Published: 2008-03-18 18:54 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: krb5 security update
Severity
Critical
Notes
Topic: Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1 and 3.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.
A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)
This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.
A flaw was found in the RPC library used by the MIT Kerberos kadmind
server. An unauthenticated remote attacker could use this flaw to crash
kadmind. This issue only affected systems with certain resource limits
configured and did not affect systems using default resource limits used by
Red Hat Enterprise Linux 2.1 or 3. (CVE-2008-0948)
Red Hat would like to thank MIT for reporting these issues.
All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0181
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0181
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0181
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
MIT
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated krb5 packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric encryption\nand a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\nAn unauthenticated remote attacker could use this flaw to crash the\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\narbitrary code using malformed or truncated Kerberos v4 protocol\nrequests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\n(without the quotes) to the \"[kdcdefaults]\" section of\n/var/kerberos/krb5kdc/kdc.conf.\n\nA flaw was found in the RPC library used by the MIT Kerberos kadmind\nserver. An unauthenticated remote attacker could use this flaw to crash\nkadmind. This issue only affected systems with certain resource limits\nconfigured and did not affect systems using default resource limits used by\nRed Hat Enterprise Linux 2.1 or 3. (CVE-2008-0948)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0181",
"url": "https://access.redhat.com/errata/RHSA-2008:0181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "external",
"summary": "435087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=435087"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0181.json"
}
],
"title": "Red Hat Security Advisory: krb5 security update",
"tracking": {
"current_release_date": "2025-11-21T17:33:03+00:00",
"generator": {
"date": "2025-11-21T17:33:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0181",
"initial_release_date": "2008-03-18T18:54:00+00:00",
"revision_history": [
{
"date": "2008-03-18T18:54:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-03-18T15:19:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.2-48.ia64",
"product": {
"name": "krb5-workstation-0:1.2.2-48.ia64",
"product_id": "krb5-workstation-0:1.2.2-48.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.2-48?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.2.2-48.ia64",
"product": {
"name": "krb5-libs-0:1.2.2-48.ia64",
"product_id": "krb5-libs-0:1.2.2-48.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.2-48?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.2-48.ia64",
"product": {
"name": "krb5-devel-0:1.2.2-48.ia64",
"product_id": "krb5-devel-0:1.2.2-48.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.2-48?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.2.2-48.ia64",
"product": {
"name": "krb5-server-0:1.2.2-48.ia64",
"product_id": "krb5-server-0:1.2.2-48.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.2-48?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.2.7-68.ia64",
"product": {
"name": "krb5-server-0:1.2.7-68.ia64",
"product_id": "krb5-server-0:1.2.7-68.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.7-68?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.7-68.ia64",
"product": {
"name": "krb5-workstation-0:1.2.7-68.ia64",
"product_id": "krb5-workstation-0:1.2.7-68.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.7-68?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.2.7-68.ia64",
"product": {
"name": "krb5-libs-0:1.2.7-68.ia64",
"product_id": "krb5-libs-0:1.2.7-68.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.7-68?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.2.7-68.ia64",
"product": {
"name": "krb5-debuginfo-0:1.2.7-68.ia64",
"product_id": "krb5-debuginfo-0:1.2.7-68.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.2.7-68?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.7-68.ia64",
"product": {
"name": "krb5-devel-0:1.2.7-68.ia64",
"product_id": "krb5-devel-0:1.2.7-68.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.7-68?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-0:1.2.2-48.src",
"product": {
"name": "krb5-0:1.2.2-48.src",
"product_id": "krb5-0:1.2.2-48.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5@1.2.2-48?arch=src"
}
}
},
{
"category": "product_version",
"name": "krb5-0:1.2.7-68.src",
"product": {
"name": "krb5-0:1.2.7-68.src",
"product_id": "krb5-0:1.2.7-68.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5@1.2.7-68?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.2-48.i386",
"product": {
"name": "krb5-workstation-0:1.2.2-48.i386",
"product_id": "krb5-workstation-0:1.2.2-48.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.2-48?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.2.2-48.i386",
"product": {
"name": "krb5-libs-0:1.2.2-48.i386",
"product_id": "krb5-libs-0:1.2.2-48.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.2-48?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.2-48.i386",
"product": {
"name": "krb5-devel-0:1.2.2-48.i386",
"product_id": "krb5-devel-0:1.2.2-48.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.2-48?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.2.2-48.i386",
"product": {
"name": "krb5-server-0:1.2.2-48.i386",
"product_id": "krb5-server-0:1.2.2-48.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.2-48?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.2.7-68.i386",
"product": {
"name": "krb5-libs-0:1.2.7-68.i386",
"product_id": "krb5-libs-0:1.2.7-68.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.7-68?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.2.7-68.i386",
"product": {
"name": "krb5-debuginfo-0:1.2.7-68.i386",
"product_id": "krb5-debuginfo-0:1.2.7-68.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.2.7-68?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.2.7-68.i386",
"product": {
"name": "krb5-server-0:1.2.7-68.i386",
"product_id": "krb5-server-0:1.2.7-68.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.7-68?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.7-68.i386",
"product": {
"name": "krb5-workstation-0:1.2.7-68.i386",
"product_id": "krb5-workstation-0:1.2.7-68.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.7-68?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.7-68.i386",
"product": {
"name": "krb5-devel-0:1.2.7-68.i386",
"product_id": "krb5-devel-0:1.2.7-68.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.7-68?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-server-0:1.2.7-68.x86_64",
"product": {
"name": "krb5-server-0:1.2.7-68.x86_64",
"product_id": "krb5-server-0:1.2.7-68.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.7-68?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.7-68.x86_64",
"product": {
"name": "krb5-workstation-0:1.2.7-68.x86_64",
"product_id": "krb5-workstation-0:1.2.7-68.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.7-68?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.2.7-68.x86_64",
"product": {
"name": "krb5-libs-0:1.2.7-68.x86_64",
"product_id": "krb5-libs-0:1.2.7-68.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.7-68?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.2.7-68.x86_64",
"product": {
"name": "krb5-debuginfo-0:1.2.7-68.x86_64",
"product_id": "krb5-debuginfo-0:1.2.7-68.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.2.7-68?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.7-68.x86_64",
"product": {
"name": "krb5-devel-0:1.2.7-68.x86_64",
"product_id": "krb5-devel-0:1.2.7-68.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.7-68?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-server-0:1.2.7-68.ppc",
"product": {
"name": "krb5-server-0:1.2.7-68.ppc",
"product_id": "krb5-server-0:1.2.7-68.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.7-68?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.7-68.ppc",
"product": {
"name": "krb5-workstation-0:1.2.7-68.ppc",
"product_id": "krb5-workstation-0:1.2.7-68.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.7-68?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.2.7-68.ppc",
"product": {
"name": "krb5-libs-0:1.2.7-68.ppc",
"product_id": "krb5-libs-0:1.2.7-68.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.7-68?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.2.7-68.ppc",
"product": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc",
"product_id": "krb5-debuginfo-0:1.2.7-68.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.2.7-68?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.7-68.ppc",
"product": {
"name": "krb5-devel-0:1.2.7-68.ppc",
"product_id": "krb5-devel-0:1.2.7-68.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.7-68?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-libs-0:1.2.7-68.ppc64",
"product": {
"name": "krb5-libs-0:1.2.7-68.ppc64",
"product_id": "krb5-libs-0:1.2.7-68.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.7-68?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.2.7-68.ppc64",
"product": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc64",
"product_id": "krb5-debuginfo-0:1.2.7-68.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.2.7-68?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-server-0:1.2.7-68.s390x",
"product": {
"name": "krb5-server-0:1.2.7-68.s390x",
"product_id": "krb5-server-0:1.2.7-68.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.7-68?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.7-68.s390x",
"product": {
"name": "krb5-workstation-0:1.2.7-68.s390x",
"product_id": "krb5-workstation-0:1.2.7-68.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.7-68?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.2.7-68.s390x",
"product": {
"name": "krb5-libs-0:1.2.7-68.s390x",
"product_id": "krb5-libs-0:1.2.7-68.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.7-68?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.2.7-68.s390x",
"product": {
"name": "krb5-debuginfo-0:1.2.7-68.s390x",
"product_id": "krb5-debuginfo-0:1.2.7-68.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.2.7-68?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.7-68.s390x",
"product": {
"name": "krb5-devel-0:1.2.7-68.s390x",
"product_id": "krb5-devel-0:1.2.7-68.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.7-68?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-libs-0:1.2.7-68.s390",
"product": {
"name": "krb5-libs-0:1.2.7-68.s390",
"product_id": "krb5-libs-0:1.2.7-68.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.2.7-68?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.2.7-68.s390",
"product": {
"name": "krb5-debuginfo-0:1.2.7-68.s390",
"product_id": "krb5-debuginfo-0:1.2.7-68.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.2.7-68?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.2.7-68.s390",
"product": {
"name": "krb5-server-0:1.2.7-68.s390",
"product_id": "krb5-server-0:1.2.7-68.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.2.7-68?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.2.7-68.s390",
"product": {
"name": "krb5-workstation-0:1.2.7-68.s390",
"product_id": "krb5-workstation-0:1.2.7-68.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.2.7-68?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.2.7-68.s390",
"product": {
"name": "krb5-devel-0:1.2.7-68.s390",
"product_id": "krb5-devel-0:1.2.7-68.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.2.7-68?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.2-48.src as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-0:1.2.2-48.src"
},
"product_reference": "krb5-0:1.2.2-48.src",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-devel-0:1.2.2-48.i386"
},
"product_reference": "krb5-devel-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-devel-0:1.2.2-48.ia64"
},
"product_reference": "krb5-devel-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-libs-0:1.2.2-48.i386"
},
"product_reference": "krb5-libs-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-libs-0:1.2.2-48.ia64"
},
"product_reference": "krb5-libs-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-server-0:1.2.2-48.i386"
},
"product_reference": "krb5-server-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-server-0:1.2.2-48.ia64"
},
"product_reference": "krb5-server-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-workstation-0:1.2.2-48.i386"
},
"product_reference": "krb5-workstation-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "2.1AS:krb5-workstation-0:1.2.2-48.ia64"
},
"product_reference": "krb5-workstation-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.2-48.src as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-0:1.2.2-48.src"
},
"product_reference": "krb5-0:1.2.2-48.src",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-devel-0:1.2.2-48.i386"
},
"product_reference": "krb5-devel-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-devel-0:1.2.2-48.ia64"
},
"product_reference": "krb5-devel-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-libs-0:1.2.2-48.i386"
},
"product_reference": "krb5-libs-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-libs-0:1.2.2-48.ia64"
},
"product_reference": "krb5-libs-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-server-0:1.2.2-48.i386"
},
"product_reference": "krb5-server-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-server-0:1.2.2-48.ia64"
},
"product_reference": "krb5-server-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.i386 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-workstation-0:1.2.2-48.i386"
},
"product_reference": "krb5-workstation-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.ia64 as a component of Red Hat Linux Advanced Workstation 2.1",
"product_id": "2.1AW:krb5-workstation-0:1.2.2-48.ia64"
},
"product_reference": "krb5-workstation-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1AW"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.2-48.src as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-0:1.2.2-48.src"
},
"product_reference": "krb5-0:1.2.2-48.src",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-devel-0:1.2.2-48.i386"
},
"product_reference": "krb5-devel-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-devel-0:1.2.2-48.ia64"
},
"product_reference": "krb5-devel-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-libs-0:1.2.2-48.i386"
},
"product_reference": "krb5-libs-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-libs-0:1.2.2-48.ia64"
},
"product_reference": "krb5-libs-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-server-0:1.2.2-48.i386"
},
"product_reference": "krb5-server-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-server-0:1.2.2-48.ia64"
},
"product_reference": "krb5-server-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-workstation-0:1.2.2-48.i386"
},
"product_reference": "krb5-workstation-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux ES version 2.1",
"product_id": "2.1ES:krb5-workstation-0:1.2.2-48.ia64"
},
"product_reference": "krb5-workstation-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.2-48.src as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-0:1.2.2-48.src"
},
"product_reference": "krb5-0:1.2.2-48.src",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-devel-0:1.2.2-48.i386"
},
"product_reference": "krb5-devel-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-devel-0:1.2.2-48.ia64"
},
"product_reference": "krb5-devel-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-libs-0:1.2.2-48.i386"
},
"product_reference": "krb5-libs-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-libs-0:1.2.2-48.ia64"
},
"product_reference": "krb5-libs-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-server-0:1.2.2-48.i386"
},
"product_reference": "krb5-server-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-server-0:1.2.2-48.ia64"
},
"product_reference": "krb5-server-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.i386 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-workstation-0:1.2.2-48.i386"
},
"product_reference": "krb5-workstation-0:1.2.2-48.i386",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.2-48.ia64 as a component of Red Hat Enterprise Linux WS version 2.1",
"product_id": "2.1WS:krb5-workstation-0:1.2.2-48.ia64"
},
"product_reference": "krb5-workstation-0:1.2.2-48.ia64",
"relates_to_product_reference": "2.1WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.7-68.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-0:1.2.7-68.src"
},
"product_reference": "krb5-0:1.2.7-68.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-debuginfo-0:1.2.7-68.i386"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-debuginfo-0:1.2.7-68.ia64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-debuginfo-0:1.2.7-68.ppc"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-debuginfo-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-debuginfo-0:1.2.7-68.s390"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-debuginfo-0:1.2.7-68.s390x"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-debuginfo-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-devel-0:1.2.7-68.i386"
},
"product_reference": "krb5-devel-0:1.2.7-68.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-devel-0:1.2.7-68.ia64"
},
"product_reference": "krb5-devel-0:1.2.7-68.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-devel-0:1.2.7-68.ppc"
},
"product_reference": "krb5-devel-0:1.2.7-68.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-devel-0:1.2.7-68.s390"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-devel-0:1.2.7-68.s390x"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-devel-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-devel-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-libs-0:1.2.7-68.i386"
},
"product_reference": "krb5-libs-0:1.2.7-68.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-libs-0:1.2.7-68.ia64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-libs-0:1.2.7-68.ppc"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-libs-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-libs-0:1.2.7-68.s390"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-libs-0:1.2.7-68.s390x"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-libs-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-libs-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-server-0:1.2.7-68.i386"
},
"product_reference": "krb5-server-0:1.2.7-68.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-server-0:1.2.7-68.ia64"
},
"product_reference": "krb5-server-0:1.2.7-68.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-server-0:1.2.7-68.ppc"
},
"product_reference": "krb5-server-0:1.2.7-68.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-server-0:1.2.7-68.s390"
},
"product_reference": "krb5-server-0:1.2.7-68.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-server-0:1.2.7-68.s390x"
},
"product_reference": "krb5-server-0:1.2.7-68.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-server-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-server-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-workstation-0:1.2.7-68.i386"
},
"product_reference": "krb5-workstation-0:1.2.7-68.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-workstation-0:1.2.7-68.ia64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-workstation-0:1.2.7-68.ppc"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-workstation-0:1.2.7-68.s390"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-workstation-0:1.2.7-68.s390x"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:krb5-workstation-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.7-68.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-0:1.2.7-68.src"
},
"product_reference": "krb5-0:1.2.7-68.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-debuginfo-0:1.2.7-68.i386"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-debuginfo-0:1.2.7-68.ia64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-debuginfo-0:1.2.7-68.ppc"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-debuginfo-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-debuginfo-0:1.2.7-68.s390"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-debuginfo-0:1.2.7-68.s390x"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-debuginfo-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-devel-0:1.2.7-68.i386"
},
"product_reference": "krb5-devel-0:1.2.7-68.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-devel-0:1.2.7-68.ia64"
},
"product_reference": "krb5-devel-0:1.2.7-68.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-devel-0:1.2.7-68.ppc"
},
"product_reference": "krb5-devel-0:1.2.7-68.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-devel-0:1.2.7-68.s390"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-devel-0:1.2.7-68.s390x"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-devel-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-devel-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-libs-0:1.2.7-68.i386"
},
"product_reference": "krb5-libs-0:1.2.7-68.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-libs-0:1.2.7-68.ia64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-libs-0:1.2.7-68.ppc"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-libs-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-libs-0:1.2.7-68.s390"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-libs-0:1.2.7-68.s390x"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-libs-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-libs-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-server-0:1.2.7-68.i386"
},
"product_reference": "krb5-server-0:1.2.7-68.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-server-0:1.2.7-68.ia64"
},
"product_reference": "krb5-server-0:1.2.7-68.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-server-0:1.2.7-68.ppc"
},
"product_reference": "krb5-server-0:1.2.7-68.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-server-0:1.2.7-68.s390"
},
"product_reference": "krb5-server-0:1.2.7-68.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-server-0:1.2.7-68.s390x"
},
"product_reference": "krb5-server-0:1.2.7-68.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-server-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-server-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-workstation-0:1.2.7-68.i386"
},
"product_reference": "krb5-workstation-0:1.2.7-68.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-workstation-0:1.2.7-68.ia64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-workstation-0:1.2.7-68.ppc"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-workstation-0:1.2.7-68.s390"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-workstation-0:1.2.7-68.s390x"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:krb5-workstation-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.7-68.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-0:1.2.7-68.src"
},
"product_reference": "krb5-0:1.2.7-68.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-debuginfo-0:1.2.7-68.i386"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-debuginfo-0:1.2.7-68.ia64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-debuginfo-0:1.2.7-68.ppc"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-debuginfo-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-debuginfo-0:1.2.7-68.s390"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-debuginfo-0:1.2.7-68.s390x"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-debuginfo-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-devel-0:1.2.7-68.i386"
},
"product_reference": "krb5-devel-0:1.2.7-68.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-devel-0:1.2.7-68.ia64"
},
"product_reference": "krb5-devel-0:1.2.7-68.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-devel-0:1.2.7-68.ppc"
},
"product_reference": "krb5-devel-0:1.2.7-68.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-devel-0:1.2.7-68.s390"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-devel-0:1.2.7-68.s390x"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-devel-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-devel-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-libs-0:1.2.7-68.i386"
},
"product_reference": "krb5-libs-0:1.2.7-68.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-libs-0:1.2.7-68.ia64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-libs-0:1.2.7-68.ppc"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-libs-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-libs-0:1.2.7-68.s390"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-libs-0:1.2.7-68.s390x"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-libs-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-libs-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-server-0:1.2.7-68.i386"
},
"product_reference": "krb5-server-0:1.2.7-68.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-server-0:1.2.7-68.ia64"
},
"product_reference": "krb5-server-0:1.2.7-68.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-server-0:1.2.7-68.ppc"
},
"product_reference": "krb5-server-0:1.2.7-68.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-server-0:1.2.7-68.s390"
},
"product_reference": "krb5-server-0:1.2.7-68.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-server-0:1.2.7-68.s390x"
},
"product_reference": "krb5-server-0:1.2.7-68.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-server-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-server-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-workstation-0:1.2.7-68.i386"
},
"product_reference": "krb5-workstation-0:1.2.7-68.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-workstation-0:1.2.7-68.ia64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-workstation-0:1.2.7-68.ppc"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-workstation-0:1.2.7-68.s390"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-workstation-0:1.2.7-68.s390x"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:krb5-workstation-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.2.7-68.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-0:1.2.7-68.src"
},
"product_reference": "krb5-0:1.2.7-68.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-debuginfo-0:1.2.7-68.i386"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-debuginfo-0:1.2.7-68.ia64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-debuginfo-0:1.2.7-68.ppc"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.ppc64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-debuginfo-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-debuginfo-0:1.2.7-68.s390"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-debuginfo-0:1.2.7-68.s390x"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-debuginfo-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-devel-0:1.2.7-68.i386"
},
"product_reference": "krb5-devel-0:1.2.7-68.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-devel-0:1.2.7-68.ia64"
},
"product_reference": "krb5-devel-0:1.2.7-68.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-devel-0:1.2.7-68.ppc"
},
"product_reference": "krb5-devel-0:1.2.7-68.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-devel-0:1.2.7-68.s390"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-devel-0:1.2.7-68.s390x"
},
"product_reference": "krb5-devel-0:1.2.7-68.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-devel-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-devel-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-libs-0:1.2.7-68.i386"
},
"product_reference": "krb5-libs-0:1.2.7-68.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-libs-0:1.2.7-68.ia64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-libs-0:1.2.7-68.ppc"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.ppc64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-libs-0:1.2.7-68.ppc64"
},
"product_reference": "krb5-libs-0:1.2.7-68.ppc64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-libs-0:1.2.7-68.s390"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-libs-0:1.2.7-68.s390x"
},
"product_reference": "krb5-libs-0:1.2.7-68.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-libs-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-libs-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-server-0:1.2.7-68.i386"
},
"product_reference": "krb5-server-0:1.2.7-68.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-server-0:1.2.7-68.ia64"
},
"product_reference": "krb5-server-0:1.2.7-68.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-server-0:1.2.7-68.ppc"
},
"product_reference": "krb5-server-0:1.2.7-68.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-server-0:1.2.7-68.s390"
},
"product_reference": "krb5-server-0:1.2.7-68.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-server-0:1.2.7-68.s390x"
},
"product_reference": "krb5-server-0:1.2.7-68.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-server-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-server-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-workstation-0:1.2.7-68.i386"
},
"product_reference": "krb5-workstation-0:1.2.7-68.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-workstation-0:1.2.7-68.ia64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-workstation-0:1.2.7-68.ppc"
},
"product_reference": "krb5-workstation-0:1.2.7-68.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-workstation-0:1.2.7-68.s390"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-workstation-0:1.2.7-68.s390x"
},
"product_reference": "krb5-workstation-0:1.2.7-68.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.2.7-68.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:krb5-workstation-0:1.2.7-68.x86_64"
},
"product_reference": "krb5-workstation-0:1.2.7-68.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0062",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432620"
}
],
"notes": [
{
"category": "description",
"text": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: uninitialized pointer use in krb5kdc",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"2.1AS:krb5-0:1.2.2-48.src",
"2.1AS:krb5-devel-0:1.2.2-48.i386",
"2.1AS:krb5-devel-0:1.2.2-48.ia64",
"2.1AS:krb5-libs-0:1.2.2-48.i386",
"2.1AS:krb5-libs-0:1.2.2-48.ia64",
"2.1AS:krb5-server-0:1.2.2-48.i386",
"2.1AS:krb5-server-0:1.2.2-48.ia64",
"2.1AS:krb5-workstation-0:1.2.2-48.i386",
"2.1AS:krb5-workstation-0:1.2.2-48.ia64",
"2.1AW:krb5-0:1.2.2-48.src",
"2.1AW:krb5-devel-0:1.2.2-48.i386",
"2.1AW:krb5-devel-0:1.2.2-48.ia64",
"2.1AW:krb5-libs-0:1.2.2-48.i386",
"2.1AW:krb5-libs-0:1.2.2-48.ia64",
"2.1AW:krb5-server-0:1.2.2-48.i386",
"2.1AW:krb5-server-0:1.2.2-48.ia64",
"2.1AW:krb5-workstation-0:1.2.2-48.i386",
"2.1AW:krb5-workstation-0:1.2.2-48.ia64",
"2.1ES:krb5-0:1.2.2-48.src",
"2.1ES:krb5-devel-0:1.2.2-48.i386",
"2.1ES:krb5-devel-0:1.2.2-48.ia64",
"2.1ES:krb5-libs-0:1.2.2-48.i386",
"2.1ES:krb5-libs-0:1.2.2-48.ia64",
"2.1ES:krb5-server-0:1.2.2-48.i386",
"2.1ES:krb5-server-0:1.2.2-48.ia64",
"2.1ES:krb5-workstation-0:1.2.2-48.i386",
"2.1ES:krb5-workstation-0:1.2.2-48.ia64",
"2.1WS:krb5-0:1.2.2-48.src",
"2.1WS:krb5-devel-0:1.2.2-48.i386",
"2.1WS:krb5-devel-0:1.2.2-48.ia64",
"2.1WS:krb5-libs-0:1.2.2-48.i386",
"2.1WS:krb5-libs-0:1.2.2-48.ia64",
"2.1WS:krb5-server-0:1.2.2-48.i386",
"2.1WS:krb5-server-0:1.2.2-48.ia64",
"2.1WS:krb5-workstation-0:1.2.2-48.i386",
"2.1WS:krb5-workstation-0:1.2.2-48.ia64",
"3AS:krb5-0:1.2.7-68.src",
"3AS:krb5-debuginfo-0:1.2.7-68.i386",
"3AS:krb5-debuginfo-0:1.2.7-68.ia64",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3AS:krb5-debuginfo-0:1.2.7-68.s390",
"3AS:krb5-debuginfo-0:1.2.7-68.s390x",
"3AS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3AS:krb5-devel-0:1.2.7-68.i386",
"3AS:krb5-devel-0:1.2.7-68.ia64",
"3AS:krb5-devel-0:1.2.7-68.ppc",
"3AS:krb5-devel-0:1.2.7-68.s390",
"3AS:krb5-devel-0:1.2.7-68.s390x",
"3AS:krb5-devel-0:1.2.7-68.x86_64",
"3AS:krb5-libs-0:1.2.7-68.i386",
"3AS:krb5-libs-0:1.2.7-68.ia64",
"3AS:krb5-libs-0:1.2.7-68.ppc",
"3AS:krb5-libs-0:1.2.7-68.ppc64",
"3AS:krb5-libs-0:1.2.7-68.s390",
"3AS:krb5-libs-0:1.2.7-68.s390x",
"3AS:krb5-libs-0:1.2.7-68.x86_64",
"3AS:krb5-server-0:1.2.7-68.i386",
"3AS:krb5-server-0:1.2.7-68.ia64",
"3AS:krb5-server-0:1.2.7-68.ppc",
"3AS:krb5-server-0:1.2.7-68.s390",
"3AS:krb5-server-0:1.2.7-68.s390x",
"3AS:krb5-server-0:1.2.7-68.x86_64",
"3AS:krb5-workstation-0:1.2.7-68.i386",
"3AS:krb5-workstation-0:1.2.7-68.ia64",
"3AS:krb5-workstation-0:1.2.7-68.ppc",
"3AS:krb5-workstation-0:1.2.7-68.s390",
"3AS:krb5-workstation-0:1.2.7-68.s390x",
"3AS:krb5-workstation-0:1.2.7-68.x86_64",
"3Desktop:krb5-0:1.2.7-68.src",
"3Desktop:krb5-debuginfo-0:1.2.7-68.i386",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ia64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390x",
"3Desktop:krb5-debuginfo-0:1.2.7-68.x86_64",
"3Desktop:krb5-devel-0:1.2.7-68.i386",
"3Desktop:krb5-devel-0:1.2.7-68.ia64",
"3Desktop:krb5-devel-0:1.2.7-68.ppc",
"3Desktop:krb5-devel-0:1.2.7-68.s390",
"3Desktop:krb5-devel-0:1.2.7-68.s390x",
"3Desktop:krb5-devel-0:1.2.7-68.x86_64",
"3Desktop:krb5-libs-0:1.2.7-68.i386",
"3Desktop:krb5-libs-0:1.2.7-68.ia64",
"3Desktop:krb5-libs-0:1.2.7-68.ppc",
"3Desktop:krb5-libs-0:1.2.7-68.ppc64",
"3Desktop:krb5-libs-0:1.2.7-68.s390",
"3Desktop:krb5-libs-0:1.2.7-68.s390x",
"3Desktop:krb5-libs-0:1.2.7-68.x86_64",
"3Desktop:krb5-server-0:1.2.7-68.i386",
"3Desktop:krb5-server-0:1.2.7-68.ia64",
"3Desktop:krb5-server-0:1.2.7-68.ppc",
"3Desktop:krb5-server-0:1.2.7-68.s390",
"3Desktop:krb5-server-0:1.2.7-68.s390x",
"3Desktop:krb5-server-0:1.2.7-68.x86_64",
"3Desktop:krb5-workstation-0:1.2.7-68.i386",
"3Desktop:krb5-workstation-0:1.2.7-68.ia64",
"3Desktop:krb5-workstation-0:1.2.7-68.ppc",
"3Desktop:krb5-workstation-0:1.2.7-68.s390",
"3Desktop:krb5-workstation-0:1.2.7-68.s390x",
"3Desktop:krb5-workstation-0:1.2.7-68.x86_64",
"3ES:krb5-0:1.2.7-68.src",
"3ES:krb5-debuginfo-0:1.2.7-68.i386",
"3ES:krb5-debuginfo-0:1.2.7-68.ia64",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc64",
"3ES:krb5-debuginfo-0:1.2.7-68.s390",
"3ES:krb5-debuginfo-0:1.2.7-68.s390x",
"3ES:krb5-debuginfo-0:1.2.7-68.x86_64",
"3ES:krb5-devel-0:1.2.7-68.i386",
"3ES:krb5-devel-0:1.2.7-68.ia64",
"3ES:krb5-devel-0:1.2.7-68.ppc",
"3ES:krb5-devel-0:1.2.7-68.s390",
"3ES:krb5-devel-0:1.2.7-68.s390x",
"3ES:krb5-devel-0:1.2.7-68.x86_64",
"3ES:krb5-libs-0:1.2.7-68.i386",
"3ES:krb5-libs-0:1.2.7-68.ia64",
"3ES:krb5-libs-0:1.2.7-68.ppc",
"3ES:krb5-libs-0:1.2.7-68.ppc64",
"3ES:krb5-libs-0:1.2.7-68.s390",
"3ES:krb5-libs-0:1.2.7-68.s390x",
"3ES:krb5-libs-0:1.2.7-68.x86_64",
"3ES:krb5-server-0:1.2.7-68.i386",
"3ES:krb5-server-0:1.2.7-68.ia64",
"3ES:krb5-server-0:1.2.7-68.ppc",
"3ES:krb5-server-0:1.2.7-68.s390",
"3ES:krb5-server-0:1.2.7-68.s390x",
"3ES:krb5-server-0:1.2.7-68.x86_64",
"3ES:krb5-workstation-0:1.2.7-68.i386",
"3ES:krb5-workstation-0:1.2.7-68.ia64",
"3ES:krb5-workstation-0:1.2.7-68.ppc",
"3ES:krb5-workstation-0:1.2.7-68.s390",
"3ES:krb5-workstation-0:1.2.7-68.s390x",
"3ES:krb5-workstation-0:1.2.7-68.x86_64",
"3WS:krb5-0:1.2.7-68.src",
"3WS:krb5-debuginfo-0:1.2.7-68.i386",
"3WS:krb5-debuginfo-0:1.2.7-68.ia64",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3WS:krb5-debuginfo-0:1.2.7-68.s390",
"3WS:krb5-debuginfo-0:1.2.7-68.s390x",
"3WS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3WS:krb5-devel-0:1.2.7-68.i386",
"3WS:krb5-devel-0:1.2.7-68.ia64",
"3WS:krb5-devel-0:1.2.7-68.ppc",
"3WS:krb5-devel-0:1.2.7-68.s390",
"3WS:krb5-devel-0:1.2.7-68.s390x",
"3WS:krb5-devel-0:1.2.7-68.x86_64",
"3WS:krb5-libs-0:1.2.7-68.i386",
"3WS:krb5-libs-0:1.2.7-68.ia64",
"3WS:krb5-libs-0:1.2.7-68.ppc",
"3WS:krb5-libs-0:1.2.7-68.ppc64",
"3WS:krb5-libs-0:1.2.7-68.s390",
"3WS:krb5-libs-0:1.2.7-68.s390x",
"3WS:krb5-libs-0:1.2.7-68.x86_64",
"3WS:krb5-server-0:1.2.7-68.i386",
"3WS:krb5-server-0:1.2.7-68.ia64",
"3WS:krb5-server-0:1.2.7-68.ppc",
"3WS:krb5-server-0:1.2.7-68.s390",
"3WS:krb5-server-0:1.2.7-68.s390x",
"3WS:krb5-server-0:1.2.7-68.x86_64",
"3WS:krb5-workstation-0:1.2.7-68.i386",
"3WS:krb5-workstation-0:1.2.7-68.ia64",
"3WS:krb5-workstation-0:1.2.7-68.ppc",
"3WS:krb5-workstation-0:1.2.7-68.s390",
"3WS:krb5-workstation-0:1.2.7-68.s390x",
"3WS:krb5-workstation-0:1.2.7-68.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0062"
},
{
"category": "external",
"summary": "RHBZ#432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T18:54:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"2.1AS:krb5-0:1.2.2-48.src",
"2.1AS:krb5-devel-0:1.2.2-48.i386",
"2.1AS:krb5-devel-0:1.2.2-48.ia64",
"2.1AS:krb5-libs-0:1.2.2-48.i386",
"2.1AS:krb5-libs-0:1.2.2-48.ia64",
"2.1AS:krb5-server-0:1.2.2-48.i386",
"2.1AS:krb5-server-0:1.2.2-48.ia64",
"2.1AS:krb5-workstation-0:1.2.2-48.i386",
"2.1AS:krb5-workstation-0:1.2.2-48.ia64",
"2.1AW:krb5-0:1.2.2-48.src",
"2.1AW:krb5-devel-0:1.2.2-48.i386",
"2.1AW:krb5-devel-0:1.2.2-48.ia64",
"2.1AW:krb5-libs-0:1.2.2-48.i386",
"2.1AW:krb5-libs-0:1.2.2-48.ia64",
"2.1AW:krb5-server-0:1.2.2-48.i386",
"2.1AW:krb5-server-0:1.2.2-48.ia64",
"2.1AW:krb5-workstation-0:1.2.2-48.i386",
"2.1AW:krb5-workstation-0:1.2.2-48.ia64",
"2.1ES:krb5-0:1.2.2-48.src",
"2.1ES:krb5-devel-0:1.2.2-48.i386",
"2.1ES:krb5-devel-0:1.2.2-48.ia64",
"2.1ES:krb5-libs-0:1.2.2-48.i386",
"2.1ES:krb5-libs-0:1.2.2-48.ia64",
"2.1ES:krb5-server-0:1.2.2-48.i386",
"2.1ES:krb5-server-0:1.2.2-48.ia64",
"2.1ES:krb5-workstation-0:1.2.2-48.i386",
"2.1ES:krb5-workstation-0:1.2.2-48.ia64",
"2.1WS:krb5-0:1.2.2-48.src",
"2.1WS:krb5-devel-0:1.2.2-48.i386",
"2.1WS:krb5-devel-0:1.2.2-48.ia64",
"2.1WS:krb5-libs-0:1.2.2-48.i386",
"2.1WS:krb5-libs-0:1.2.2-48.ia64",
"2.1WS:krb5-server-0:1.2.2-48.i386",
"2.1WS:krb5-server-0:1.2.2-48.ia64",
"2.1WS:krb5-workstation-0:1.2.2-48.i386",
"2.1WS:krb5-workstation-0:1.2.2-48.ia64",
"3AS:krb5-0:1.2.7-68.src",
"3AS:krb5-debuginfo-0:1.2.7-68.i386",
"3AS:krb5-debuginfo-0:1.2.7-68.ia64",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3AS:krb5-debuginfo-0:1.2.7-68.s390",
"3AS:krb5-debuginfo-0:1.2.7-68.s390x",
"3AS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3AS:krb5-devel-0:1.2.7-68.i386",
"3AS:krb5-devel-0:1.2.7-68.ia64",
"3AS:krb5-devel-0:1.2.7-68.ppc",
"3AS:krb5-devel-0:1.2.7-68.s390",
"3AS:krb5-devel-0:1.2.7-68.s390x",
"3AS:krb5-devel-0:1.2.7-68.x86_64",
"3AS:krb5-libs-0:1.2.7-68.i386",
"3AS:krb5-libs-0:1.2.7-68.ia64",
"3AS:krb5-libs-0:1.2.7-68.ppc",
"3AS:krb5-libs-0:1.2.7-68.ppc64",
"3AS:krb5-libs-0:1.2.7-68.s390",
"3AS:krb5-libs-0:1.2.7-68.s390x",
"3AS:krb5-libs-0:1.2.7-68.x86_64",
"3AS:krb5-server-0:1.2.7-68.i386",
"3AS:krb5-server-0:1.2.7-68.ia64",
"3AS:krb5-server-0:1.2.7-68.ppc",
"3AS:krb5-server-0:1.2.7-68.s390",
"3AS:krb5-server-0:1.2.7-68.s390x",
"3AS:krb5-server-0:1.2.7-68.x86_64",
"3AS:krb5-workstation-0:1.2.7-68.i386",
"3AS:krb5-workstation-0:1.2.7-68.ia64",
"3AS:krb5-workstation-0:1.2.7-68.ppc",
"3AS:krb5-workstation-0:1.2.7-68.s390",
"3AS:krb5-workstation-0:1.2.7-68.s390x",
"3AS:krb5-workstation-0:1.2.7-68.x86_64",
"3Desktop:krb5-0:1.2.7-68.src",
"3Desktop:krb5-debuginfo-0:1.2.7-68.i386",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ia64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390x",
"3Desktop:krb5-debuginfo-0:1.2.7-68.x86_64",
"3Desktop:krb5-devel-0:1.2.7-68.i386",
"3Desktop:krb5-devel-0:1.2.7-68.ia64",
"3Desktop:krb5-devel-0:1.2.7-68.ppc",
"3Desktop:krb5-devel-0:1.2.7-68.s390",
"3Desktop:krb5-devel-0:1.2.7-68.s390x",
"3Desktop:krb5-devel-0:1.2.7-68.x86_64",
"3Desktop:krb5-libs-0:1.2.7-68.i386",
"3Desktop:krb5-libs-0:1.2.7-68.ia64",
"3Desktop:krb5-libs-0:1.2.7-68.ppc",
"3Desktop:krb5-libs-0:1.2.7-68.ppc64",
"3Desktop:krb5-libs-0:1.2.7-68.s390",
"3Desktop:krb5-libs-0:1.2.7-68.s390x",
"3Desktop:krb5-libs-0:1.2.7-68.x86_64",
"3Desktop:krb5-server-0:1.2.7-68.i386",
"3Desktop:krb5-server-0:1.2.7-68.ia64",
"3Desktop:krb5-server-0:1.2.7-68.ppc",
"3Desktop:krb5-server-0:1.2.7-68.s390",
"3Desktop:krb5-server-0:1.2.7-68.s390x",
"3Desktop:krb5-server-0:1.2.7-68.x86_64",
"3Desktop:krb5-workstation-0:1.2.7-68.i386",
"3Desktop:krb5-workstation-0:1.2.7-68.ia64",
"3Desktop:krb5-workstation-0:1.2.7-68.ppc",
"3Desktop:krb5-workstation-0:1.2.7-68.s390",
"3Desktop:krb5-workstation-0:1.2.7-68.s390x",
"3Desktop:krb5-workstation-0:1.2.7-68.x86_64",
"3ES:krb5-0:1.2.7-68.src",
"3ES:krb5-debuginfo-0:1.2.7-68.i386",
"3ES:krb5-debuginfo-0:1.2.7-68.ia64",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc64",
"3ES:krb5-debuginfo-0:1.2.7-68.s390",
"3ES:krb5-debuginfo-0:1.2.7-68.s390x",
"3ES:krb5-debuginfo-0:1.2.7-68.x86_64",
"3ES:krb5-devel-0:1.2.7-68.i386",
"3ES:krb5-devel-0:1.2.7-68.ia64",
"3ES:krb5-devel-0:1.2.7-68.ppc",
"3ES:krb5-devel-0:1.2.7-68.s390",
"3ES:krb5-devel-0:1.2.7-68.s390x",
"3ES:krb5-devel-0:1.2.7-68.x86_64",
"3ES:krb5-libs-0:1.2.7-68.i386",
"3ES:krb5-libs-0:1.2.7-68.ia64",
"3ES:krb5-libs-0:1.2.7-68.ppc",
"3ES:krb5-libs-0:1.2.7-68.ppc64",
"3ES:krb5-libs-0:1.2.7-68.s390",
"3ES:krb5-libs-0:1.2.7-68.s390x",
"3ES:krb5-libs-0:1.2.7-68.x86_64",
"3ES:krb5-server-0:1.2.7-68.i386",
"3ES:krb5-server-0:1.2.7-68.ia64",
"3ES:krb5-server-0:1.2.7-68.ppc",
"3ES:krb5-server-0:1.2.7-68.s390",
"3ES:krb5-server-0:1.2.7-68.s390x",
"3ES:krb5-server-0:1.2.7-68.x86_64",
"3ES:krb5-workstation-0:1.2.7-68.i386",
"3ES:krb5-workstation-0:1.2.7-68.ia64",
"3ES:krb5-workstation-0:1.2.7-68.ppc",
"3ES:krb5-workstation-0:1.2.7-68.s390",
"3ES:krb5-workstation-0:1.2.7-68.s390x",
"3ES:krb5-workstation-0:1.2.7-68.x86_64",
"3WS:krb5-0:1.2.7-68.src",
"3WS:krb5-debuginfo-0:1.2.7-68.i386",
"3WS:krb5-debuginfo-0:1.2.7-68.ia64",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3WS:krb5-debuginfo-0:1.2.7-68.s390",
"3WS:krb5-debuginfo-0:1.2.7-68.s390x",
"3WS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3WS:krb5-devel-0:1.2.7-68.i386",
"3WS:krb5-devel-0:1.2.7-68.ia64",
"3WS:krb5-devel-0:1.2.7-68.ppc",
"3WS:krb5-devel-0:1.2.7-68.s390",
"3WS:krb5-devel-0:1.2.7-68.s390x",
"3WS:krb5-devel-0:1.2.7-68.x86_64",
"3WS:krb5-libs-0:1.2.7-68.i386",
"3WS:krb5-libs-0:1.2.7-68.ia64",
"3WS:krb5-libs-0:1.2.7-68.ppc",
"3WS:krb5-libs-0:1.2.7-68.ppc64",
"3WS:krb5-libs-0:1.2.7-68.s390",
"3WS:krb5-libs-0:1.2.7-68.s390x",
"3WS:krb5-libs-0:1.2.7-68.x86_64",
"3WS:krb5-server-0:1.2.7-68.i386",
"3WS:krb5-server-0:1.2.7-68.ia64",
"3WS:krb5-server-0:1.2.7-68.ppc",
"3WS:krb5-server-0:1.2.7-68.s390",
"3WS:krb5-server-0:1.2.7-68.s390x",
"3WS:krb5-server-0:1.2.7-68.x86_64",
"3WS:krb5-workstation-0:1.2.7-68.i386",
"3WS:krb5-workstation-0:1.2.7-68.ia64",
"3WS:krb5-workstation-0:1.2.7-68.ppc",
"3WS:krb5-workstation-0:1.2.7-68.s390",
"3WS:krb5-workstation-0:1.2.7-68.s390x",
"3WS:krb5-workstation-0:1.2.7-68.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0181"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "krb5: uninitialized pointer use in krb5kdc"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0063",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432621"
}
],
"notes": [
{
"category": "description",
"text": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: possible leak of sensitive data from krb5kdc using krb4 request",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"2.1AS:krb5-0:1.2.2-48.src",
"2.1AS:krb5-devel-0:1.2.2-48.i386",
"2.1AS:krb5-devel-0:1.2.2-48.ia64",
"2.1AS:krb5-libs-0:1.2.2-48.i386",
"2.1AS:krb5-libs-0:1.2.2-48.ia64",
"2.1AS:krb5-server-0:1.2.2-48.i386",
"2.1AS:krb5-server-0:1.2.2-48.ia64",
"2.1AS:krb5-workstation-0:1.2.2-48.i386",
"2.1AS:krb5-workstation-0:1.2.2-48.ia64",
"2.1AW:krb5-0:1.2.2-48.src",
"2.1AW:krb5-devel-0:1.2.2-48.i386",
"2.1AW:krb5-devel-0:1.2.2-48.ia64",
"2.1AW:krb5-libs-0:1.2.2-48.i386",
"2.1AW:krb5-libs-0:1.2.2-48.ia64",
"2.1AW:krb5-server-0:1.2.2-48.i386",
"2.1AW:krb5-server-0:1.2.2-48.ia64",
"2.1AW:krb5-workstation-0:1.2.2-48.i386",
"2.1AW:krb5-workstation-0:1.2.2-48.ia64",
"2.1ES:krb5-0:1.2.2-48.src",
"2.1ES:krb5-devel-0:1.2.2-48.i386",
"2.1ES:krb5-devel-0:1.2.2-48.ia64",
"2.1ES:krb5-libs-0:1.2.2-48.i386",
"2.1ES:krb5-libs-0:1.2.2-48.ia64",
"2.1ES:krb5-server-0:1.2.2-48.i386",
"2.1ES:krb5-server-0:1.2.2-48.ia64",
"2.1ES:krb5-workstation-0:1.2.2-48.i386",
"2.1ES:krb5-workstation-0:1.2.2-48.ia64",
"2.1WS:krb5-0:1.2.2-48.src",
"2.1WS:krb5-devel-0:1.2.2-48.i386",
"2.1WS:krb5-devel-0:1.2.2-48.ia64",
"2.1WS:krb5-libs-0:1.2.2-48.i386",
"2.1WS:krb5-libs-0:1.2.2-48.ia64",
"2.1WS:krb5-server-0:1.2.2-48.i386",
"2.1WS:krb5-server-0:1.2.2-48.ia64",
"2.1WS:krb5-workstation-0:1.2.2-48.i386",
"2.1WS:krb5-workstation-0:1.2.2-48.ia64",
"3AS:krb5-0:1.2.7-68.src",
"3AS:krb5-debuginfo-0:1.2.7-68.i386",
"3AS:krb5-debuginfo-0:1.2.7-68.ia64",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3AS:krb5-debuginfo-0:1.2.7-68.s390",
"3AS:krb5-debuginfo-0:1.2.7-68.s390x",
"3AS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3AS:krb5-devel-0:1.2.7-68.i386",
"3AS:krb5-devel-0:1.2.7-68.ia64",
"3AS:krb5-devel-0:1.2.7-68.ppc",
"3AS:krb5-devel-0:1.2.7-68.s390",
"3AS:krb5-devel-0:1.2.7-68.s390x",
"3AS:krb5-devel-0:1.2.7-68.x86_64",
"3AS:krb5-libs-0:1.2.7-68.i386",
"3AS:krb5-libs-0:1.2.7-68.ia64",
"3AS:krb5-libs-0:1.2.7-68.ppc",
"3AS:krb5-libs-0:1.2.7-68.ppc64",
"3AS:krb5-libs-0:1.2.7-68.s390",
"3AS:krb5-libs-0:1.2.7-68.s390x",
"3AS:krb5-libs-0:1.2.7-68.x86_64",
"3AS:krb5-server-0:1.2.7-68.i386",
"3AS:krb5-server-0:1.2.7-68.ia64",
"3AS:krb5-server-0:1.2.7-68.ppc",
"3AS:krb5-server-0:1.2.7-68.s390",
"3AS:krb5-server-0:1.2.7-68.s390x",
"3AS:krb5-server-0:1.2.7-68.x86_64",
"3AS:krb5-workstation-0:1.2.7-68.i386",
"3AS:krb5-workstation-0:1.2.7-68.ia64",
"3AS:krb5-workstation-0:1.2.7-68.ppc",
"3AS:krb5-workstation-0:1.2.7-68.s390",
"3AS:krb5-workstation-0:1.2.7-68.s390x",
"3AS:krb5-workstation-0:1.2.7-68.x86_64",
"3Desktop:krb5-0:1.2.7-68.src",
"3Desktop:krb5-debuginfo-0:1.2.7-68.i386",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ia64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390x",
"3Desktop:krb5-debuginfo-0:1.2.7-68.x86_64",
"3Desktop:krb5-devel-0:1.2.7-68.i386",
"3Desktop:krb5-devel-0:1.2.7-68.ia64",
"3Desktop:krb5-devel-0:1.2.7-68.ppc",
"3Desktop:krb5-devel-0:1.2.7-68.s390",
"3Desktop:krb5-devel-0:1.2.7-68.s390x",
"3Desktop:krb5-devel-0:1.2.7-68.x86_64",
"3Desktop:krb5-libs-0:1.2.7-68.i386",
"3Desktop:krb5-libs-0:1.2.7-68.ia64",
"3Desktop:krb5-libs-0:1.2.7-68.ppc",
"3Desktop:krb5-libs-0:1.2.7-68.ppc64",
"3Desktop:krb5-libs-0:1.2.7-68.s390",
"3Desktop:krb5-libs-0:1.2.7-68.s390x",
"3Desktop:krb5-libs-0:1.2.7-68.x86_64",
"3Desktop:krb5-server-0:1.2.7-68.i386",
"3Desktop:krb5-server-0:1.2.7-68.ia64",
"3Desktop:krb5-server-0:1.2.7-68.ppc",
"3Desktop:krb5-server-0:1.2.7-68.s390",
"3Desktop:krb5-server-0:1.2.7-68.s390x",
"3Desktop:krb5-server-0:1.2.7-68.x86_64",
"3Desktop:krb5-workstation-0:1.2.7-68.i386",
"3Desktop:krb5-workstation-0:1.2.7-68.ia64",
"3Desktop:krb5-workstation-0:1.2.7-68.ppc",
"3Desktop:krb5-workstation-0:1.2.7-68.s390",
"3Desktop:krb5-workstation-0:1.2.7-68.s390x",
"3Desktop:krb5-workstation-0:1.2.7-68.x86_64",
"3ES:krb5-0:1.2.7-68.src",
"3ES:krb5-debuginfo-0:1.2.7-68.i386",
"3ES:krb5-debuginfo-0:1.2.7-68.ia64",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc64",
"3ES:krb5-debuginfo-0:1.2.7-68.s390",
"3ES:krb5-debuginfo-0:1.2.7-68.s390x",
"3ES:krb5-debuginfo-0:1.2.7-68.x86_64",
"3ES:krb5-devel-0:1.2.7-68.i386",
"3ES:krb5-devel-0:1.2.7-68.ia64",
"3ES:krb5-devel-0:1.2.7-68.ppc",
"3ES:krb5-devel-0:1.2.7-68.s390",
"3ES:krb5-devel-0:1.2.7-68.s390x",
"3ES:krb5-devel-0:1.2.7-68.x86_64",
"3ES:krb5-libs-0:1.2.7-68.i386",
"3ES:krb5-libs-0:1.2.7-68.ia64",
"3ES:krb5-libs-0:1.2.7-68.ppc",
"3ES:krb5-libs-0:1.2.7-68.ppc64",
"3ES:krb5-libs-0:1.2.7-68.s390",
"3ES:krb5-libs-0:1.2.7-68.s390x",
"3ES:krb5-libs-0:1.2.7-68.x86_64",
"3ES:krb5-server-0:1.2.7-68.i386",
"3ES:krb5-server-0:1.2.7-68.ia64",
"3ES:krb5-server-0:1.2.7-68.ppc",
"3ES:krb5-server-0:1.2.7-68.s390",
"3ES:krb5-server-0:1.2.7-68.s390x",
"3ES:krb5-server-0:1.2.7-68.x86_64",
"3ES:krb5-workstation-0:1.2.7-68.i386",
"3ES:krb5-workstation-0:1.2.7-68.ia64",
"3ES:krb5-workstation-0:1.2.7-68.ppc",
"3ES:krb5-workstation-0:1.2.7-68.s390",
"3ES:krb5-workstation-0:1.2.7-68.s390x",
"3ES:krb5-workstation-0:1.2.7-68.x86_64",
"3WS:krb5-0:1.2.7-68.src",
"3WS:krb5-debuginfo-0:1.2.7-68.i386",
"3WS:krb5-debuginfo-0:1.2.7-68.ia64",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3WS:krb5-debuginfo-0:1.2.7-68.s390",
"3WS:krb5-debuginfo-0:1.2.7-68.s390x",
"3WS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3WS:krb5-devel-0:1.2.7-68.i386",
"3WS:krb5-devel-0:1.2.7-68.ia64",
"3WS:krb5-devel-0:1.2.7-68.ppc",
"3WS:krb5-devel-0:1.2.7-68.s390",
"3WS:krb5-devel-0:1.2.7-68.s390x",
"3WS:krb5-devel-0:1.2.7-68.x86_64",
"3WS:krb5-libs-0:1.2.7-68.i386",
"3WS:krb5-libs-0:1.2.7-68.ia64",
"3WS:krb5-libs-0:1.2.7-68.ppc",
"3WS:krb5-libs-0:1.2.7-68.ppc64",
"3WS:krb5-libs-0:1.2.7-68.s390",
"3WS:krb5-libs-0:1.2.7-68.s390x",
"3WS:krb5-libs-0:1.2.7-68.x86_64",
"3WS:krb5-server-0:1.2.7-68.i386",
"3WS:krb5-server-0:1.2.7-68.ia64",
"3WS:krb5-server-0:1.2.7-68.ppc",
"3WS:krb5-server-0:1.2.7-68.s390",
"3WS:krb5-server-0:1.2.7-68.s390x",
"3WS:krb5-server-0:1.2.7-68.x86_64",
"3WS:krb5-workstation-0:1.2.7-68.i386",
"3WS:krb5-workstation-0:1.2.7-68.ia64",
"3WS:krb5-workstation-0:1.2.7-68.ppc",
"3WS:krb5-workstation-0:1.2.7-68.s390",
"3WS:krb5-workstation-0:1.2.7-68.s390x",
"3WS:krb5-workstation-0:1.2.7-68.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0063"
},
{
"category": "external",
"summary": "RHBZ#432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T18:54:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"2.1AS:krb5-0:1.2.2-48.src",
"2.1AS:krb5-devel-0:1.2.2-48.i386",
"2.1AS:krb5-devel-0:1.2.2-48.ia64",
"2.1AS:krb5-libs-0:1.2.2-48.i386",
"2.1AS:krb5-libs-0:1.2.2-48.ia64",
"2.1AS:krb5-server-0:1.2.2-48.i386",
"2.1AS:krb5-server-0:1.2.2-48.ia64",
"2.1AS:krb5-workstation-0:1.2.2-48.i386",
"2.1AS:krb5-workstation-0:1.2.2-48.ia64",
"2.1AW:krb5-0:1.2.2-48.src",
"2.1AW:krb5-devel-0:1.2.2-48.i386",
"2.1AW:krb5-devel-0:1.2.2-48.ia64",
"2.1AW:krb5-libs-0:1.2.2-48.i386",
"2.1AW:krb5-libs-0:1.2.2-48.ia64",
"2.1AW:krb5-server-0:1.2.2-48.i386",
"2.1AW:krb5-server-0:1.2.2-48.ia64",
"2.1AW:krb5-workstation-0:1.2.2-48.i386",
"2.1AW:krb5-workstation-0:1.2.2-48.ia64",
"2.1ES:krb5-0:1.2.2-48.src",
"2.1ES:krb5-devel-0:1.2.2-48.i386",
"2.1ES:krb5-devel-0:1.2.2-48.ia64",
"2.1ES:krb5-libs-0:1.2.2-48.i386",
"2.1ES:krb5-libs-0:1.2.2-48.ia64",
"2.1ES:krb5-server-0:1.2.2-48.i386",
"2.1ES:krb5-server-0:1.2.2-48.ia64",
"2.1ES:krb5-workstation-0:1.2.2-48.i386",
"2.1ES:krb5-workstation-0:1.2.2-48.ia64",
"2.1WS:krb5-0:1.2.2-48.src",
"2.1WS:krb5-devel-0:1.2.2-48.i386",
"2.1WS:krb5-devel-0:1.2.2-48.ia64",
"2.1WS:krb5-libs-0:1.2.2-48.i386",
"2.1WS:krb5-libs-0:1.2.2-48.ia64",
"2.1WS:krb5-server-0:1.2.2-48.i386",
"2.1WS:krb5-server-0:1.2.2-48.ia64",
"2.1WS:krb5-workstation-0:1.2.2-48.i386",
"2.1WS:krb5-workstation-0:1.2.2-48.ia64",
"3AS:krb5-0:1.2.7-68.src",
"3AS:krb5-debuginfo-0:1.2.7-68.i386",
"3AS:krb5-debuginfo-0:1.2.7-68.ia64",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3AS:krb5-debuginfo-0:1.2.7-68.s390",
"3AS:krb5-debuginfo-0:1.2.7-68.s390x",
"3AS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3AS:krb5-devel-0:1.2.7-68.i386",
"3AS:krb5-devel-0:1.2.7-68.ia64",
"3AS:krb5-devel-0:1.2.7-68.ppc",
"3AS:krb5-devel-0:1.2.7-68.s390",
"3AS:krb5-devel-0:1.2.7-68.s390x",
"3AS:krb5-devel-0:1.2.7-68.x86_64",
"3AS:krb5-libs-0:1.2.7-68.i386",
"3AS:krb5-libs-0:1.2.7-68.ia64",
"3AS:krb5-libs-0:1.2.7-68.ppc",
"3AS:krb5-libs-0:1.2.7-68.ppc64",
"3AS:krb5-libs-0:1.2.7-68.s390",
"3AS:krb5-libs-0:1.2.7-68.s390x",
"3AS:krb5-libs-0:1.2.7-68.x86_64",
"3AS:krb5-server-0:1.2.7-68.i386",
"3AS:krb5-server-0:1.2.7-68.ia64",
"3AS:krb5-server-0:1.2.7-68.ppc",
"3AS:krb5-server-0:1.2.7-68.s390",
"3AS:krb5-server-0:1.2.7-68.s390x",
"3AS:krb5-server-0:1.2.7-68.x86_64",
"3AS:krb5-workstation-0:1.2.7-68.i386",
"3AS:krb5-workstation-0:1.2.7-68.ia64",
"3AS:krb5-workstation-0:1.2.7-68.ppc",
"3AS:krb5-workstation-0:1.2.7-68.s390",
"3AS:krb5-workstation-0:1.2.7-68.s390x",
"3AS:krb5-workstation-0:1.2.7-68.x86_64",
"3Desktop:krb5-0:1.2.7-68.src",
"3Desktop:krb5-debuginfo-0:1.2.7-68.i386",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ia64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390x",
"3Desktop:krb5-debuginfo-0:1.2.7-68.x86_64",
"3Desktop:krb5-devel-0:1.2.7-68.i386",
"3Desktop:krb5-devel-0:1.2.7-68.ia64",
"3Desktop:krb5-devel-0:1.2.7-68.ppc",
"3Desktop:krb5-devel-0:1.2.7-68.s390",
"3Desktop:krb5-devel-0:1.2.7-68.s390x",
"3Desktop:krb5-devel-0:1.2.7-68.x86_64",
"3Desktop:krb5-libs-0:1.2.7-68.i386",
"3Desktop:krb5-libs-0:1.2.7-68.ia64",
"3Desktop:krb5-libs-0:1.2.7-68.ppc",
"3Desktop:krb5-libs-0:1.2.7-68.ppc64",
"3Desktop:krb5-libs-0:1.2.7-68.s390",
"3Desktop:krb5-libs-0:1.2.7-68.s390x",
"3Desktop:krb5-libs-0:1.2.7-68.x86_64",
"3Desktop:krb5-server-0:1.2.7-68.i386",
"3Desktop:krb5-server-0:1.2.7-68.ia64",
"3Desktop:krb5-server-0:1.2.7-68.ppc",
"3Desktop:krb5-server-0:1.2.7-68.s390",
"3Desktop:krb5-server-0:1.2.7-68.s390x",
"3Desktop:krb5-server-0:1.2.7-68.x86_64",
"3Desktop:krb5-workstation-0:1.2.7-68.i386",
"3Desktop:krb5-workstation-0:1.2.7-68.ia64",
"3Desktop:krb5-workstation-0:1.2.7-68.ppc",
"3Desktop:krb5-workstation-0:1.2.7-68.s390",
"3Desktop:krb5-workstation-0:1.2.7-68.s390x",
"3Desktop:krb5-workstation-0:1.2.7-68.x86_64",
"3ES:krb5-0:1.2.7-68.src",
"3ES:krb5-debuginfo-0:1.2.7-68.i386",
"3ES:krb5-debuginfo-0:1.2.7-68.ia64",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc64",
"3ES:krb5-debuginfo-0:1.2.7-68.s390",
"3ES:krb5-debuginfo-0:1.2.7-68.s390x",
"3ES:krb5-debuginfo-0:1.2.7-68.x86_64",
"3ES:krb5-devel-0:1.2.7-68.i386",
"3ES:krb5-devel-0:1.2.7-68.ia64",
"3ES:krb5-devel-0:1.2.7-68.ppc",
"3ES:krb5-devel-0:1.2.7-68.s390",
"3ES:krb5-devel-0:1.2.7-68.s390x",
"3ES:krb5-devel-0:1.2.7-68.x86_64",
"3ES:krb5-libs-0:1.2.7-68.i386",
"3ES:krb5-libs-0:1.2.7-68.ia64",
"3ES:krb5-libs-0:1.2.7-68.ppc",
"3ES:krb5-libs-0:1.2.7-68.ppc64",
"3ES:krb5-libs-0:1.2.7-68.s390",
"3ES:krb5-libs-0:1.2.7-68.s390x",
"3ES:krb5-libs-0:1.2.7-68.x86_64",
"3ES:krb5-server-0:1.2.7-68.i386",
"3ES:krb5-server-0:1.2.7-68.ia64",
"3ES:krb5-server-0:1.2.7-68.ppc",
"3ES:krb5-server-0:1.2.7-68.s390",
"3ES:krb5-server-0:1.2.7-68.s390x",
"3ES:krb5-server-0:1.2.7-68.x86_64",
"3ES:krb5-workstation-0:1.2.7-68.i386",
"3ES:krb5-workstation-0:1.2.7-68.ia64",
"3ES:krb5-workstation-0:1.2.7-68.ppc",
"3ES:krb5-workstation-0:1.2.7-68.s390",
"3ES:krb5-workstation-0:1.2.7-68.s390x",
"3ES:krb5-workstation-0:1.2.7-68.x86_64",
"3WS:krb5-0:1.2.7-68.src",
"3WS:krb5-debuginfo-0:1.2.7-68.i386",
"3WS:krb5-debuginfo-0:1.2.7-68.ia64",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3WS:krb5-debuginfo-0:1.2.7-68.s390",
"3WS:krb5-debuginfo-0:1.2.7-68.s390x",
"3WS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3WS:krb5-devel-0:1.2.7-68.i386",
"3WS:krb5-devel-0:1.2.7-68.ia64",
"3WS:krb5-devel-0:1.2.7-68.ppc",
"3WS:krb5-devel-0:1.2.7-68.s390",
"3WS:krb5-devel-0:1.2.7-68.s390x",
"3WS:krb5-devel-0:1.2.7-68.x86_64",
"3WS:krb5-libs-0:1.2.7-68.i386",
"3WS:krb5-libs-0:1.2.7-68.ia64",
"3WS:krb5-libs-0:1.2.7-68.ppc",
"3WS:krb5-libs-0:1.2.7-68.ppc64",
"3WS:krb5-libs-0:1.2.7-68.s390",
"3WS:krb5-libs-0:1.2.7-68.s390x",
"3WS:krb5-libs-0:1.2.7-68.x86_64",
"3WS:krb5-server-0:1.2.7-68.i386",
"3WS:krb5-server-0:1.2.7-68.ia64",
"3WS:krb5-server-0:1.2.7-68.ppc",
"3WS:krb5-server-0:1.2.7-68.s390",
"3WS:krb5-server-0:1.2.7-68.s390x",
"3WS:krb5-server-0:1.2.7-68.x86_64",
"3WS:krb5-workstation-0:1.2.7-68.i386",
"3WS:krb5-workstation-0:1.2.7-68.ia64",
"3WS:krb5-workstation-0:1.2.7-68.ppc",
"3WS:krb5-workstation-0:1.2.7-68.s390",
"3WS:krb5-workstation-0:1.2.7-68.s390x",
"3WS:krb5-workstation-0:1.2.7-68.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0181"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: possible leak of sensitive data from krb5kdc using krb4 request"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0948",
"discovery_date": "2008-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "435087"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: incorrect handling of high-numbered file descriptors in RPC library",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"2.1AS:krb5-0:1.2.2-48.src",
"2.1AS:krb5-devel-0:1.2.2-48.i386",
"2.1AS:krb5-devel-0:1.2.2-48.ia64",
"2.1AS:krb5-libs-0:1.2.2-48.i386",
"2.1AS:krb5-libs-0:1.2.2-48.ia64",
"2.1AS:krb5-server-0:1.2.2-48.i386",
"2.1AS:krb5-server-0:1.2.2-48.ia64",
"2.1AS:krb5-workstation-0:1.2.2-48.i386",
"2.1AS:krb5-workstation-0:1.2.2-48.ia64",
"2.1AW:krb5-0:1.2.2-48.src",
"2.1AW:krb5-devel-0:1.2.2-48.i386",
"2.1AW:krb5-devel-0:1.2.2-48.ia64",
"2.1AW:krb5-libs-0:1.2.2-48.i386",
"2.1AW:krb5-libs-0:1.2.2-48.ia64",
"2.1AW:krb5-server-0:1.2.2-48.i386",
"2.1AW:krb5-server-0:1.2.2-48.ia64",
"2.1AW:krb5-workstation-0:1.2.2-48.i386",
"2.1AW:krb5-workstation-0:1.2.2-48.ia64",
"2.1ES:krb5-0:1.2.2-48.src",
"2.1ES:krb5-devel-0:1.2.2-48.i386",
"2.1ES:krb5-devel-0:1.2.2-48.ia64",
"2.1ES:krb5-libs-0:1.2.2-48.i386",
"2.1ES:krb5-libs-0:1.2.2-48.ia64",
"2.1ES:krb5-server-0:1.2.2-48.i386",
"2.1ES:krb5-server-0:1.2.2-48.ia64",
"2.1ES:krb5-workstation-0:1.2.2-48.i386",
"2.1ES:krb5-workstation-0:1.2.2-48.ia64",
"2.1WS:krb5-0:1.2.2-48.src",
"2.1WS:krb5-devel-0:1.2.2-48.i386",
"2.1WS:krb5-devel-0:1.2.2-48.ia64",
"2.1WS:krb5-libs-0:1.2.2-48.i386",
"2.1WS:krb5-libs-0:1.2.2-48.ia64",
"2.1WS:krb5-server-0:1.2.2-48.i386",
"2.1WS:krb5-server-0:1.2.2-48.ia64",
"2.1WS:krb5-workstation-0:1.2.2-48.i386",
"2.1WS:krb5-workstation-0:1.2.2-48.ia64",
"3AS:krb5-0:1.2.7-68.src",
"3AS:krb5-debuginfo-0:1.2.7-68.i386",
"3AS:krb5-debuginfo-0:1.2.7-68.ia64",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3AS:krb5-debuginfo-0:1.2.7-68.s390",
"3AS:krb5-debuginfo-0:1.2.7-68.s390x",
"3AS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3AS:krb5-devel-0:1.2.7-68.i386",
"3AS:krb5-devel-0:1.2.7-68.ia64",
"3AS:krb5-devel-0:1.2.7-68.ppc",
"3AS:krb5-devel-0:1.2.7-68.s390",
"3AS:krb5-devel-0:1.2.7-68.s390x",
"3AS:krb5-devel-0:1.2.7-68.x86_64",
"3AS:krb5-libs-0:1.2.7-68.i386",
"3AS:krb5-libs-0:1.2.7-68.ia64",
"3AS:krb5-libs-0:1.2.7-68.ppc",
"3AS:krb5-libs-0:1.2.7-68.ppc64",
"3AS:krb5-libs-0:1.2.7-68.s390",
"3AS:krb5-libs-0:1.2.7-68.s390x",
"3AS:krb5-libs-0:1.2.7-68.x86_64",
"3AS:krb5-server-0:1.2.7-68.i386",
"3AS:krb5-server-0:1.2.7-68.ia64",
"3AS:krb5-server-0:1.2.7-68.ppc",
"3AS:krb5-server-0:1.2.7-68.s390",
"3AS:krb5-server-0:1.2.7-68.s390x",
"3AS:krb5-server-0:1.2.7-68.x86_64",
"3AS:krb5-workstation-0:1.2.7-68.i386",
"3AS:krb5-workstation-0:1.2.7-68.ia64",
"3AS:krb5-workstation-0:1.2.7-68.ppc",
"3AS:krb5-workstation-0:1.2.7-68.s390",
"3AS:krb5-workstation-0:1.2.7-68.s390x",
"3AS:krb5-workstation-0:1.2.7-68.x86_64",
"3Desktop:krb5-0:1.2.7-68.src",
"3Desktop:krb5-debuginfo-0:1.2.7-68.i386",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ia64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390x",
"3Desktop:krb5-debuginfo-0:1.2.7-68.x86_64",
"3Desktop:krb5-devel-0:1.2.7-68.i386",
"3Desktop:krb5-devel-0:1.2.7-68.ia64",
"3Desktop:krb5-devel-0:1.2.7-68.ppc",
"3Desktop:krb5-devel-0:1.2.7-68.s390",
"3Desktop:krb5-devel-0:1.2.7-68.s390x",
"3Desktop:krb5-devel-0:1.2.7-68.x86_64",
"3Desktop:krb5-libs-0:1.2.7-68.i386",
"3Desktop:krb5-libs-0:1.2.7-68.ia64",
"3Desktop:krb5-libs-0:1.2.7-68.ppc",
"3Desktop:krb5-libs-0:1.2.7-68.ppc64",
"3Desktop:krb5-libs-0:1.2.7-68.s390",
"3Desktop:krb5-libs-0:1.2.7-68.s390x",
"3Desktop:krb5-libs-0:1.2.7-68.x86_64",
"3Desktop:krb5-server-0:1.2.7-68.i386",
"3Desktop:krb5-server-0:1.2.7-68.ia64",
"3Desktop:krb5-server-0:1.2.7-68.ppc",
"3Desktop:krb5-server-0:1.2.7-68.s390",
"3Desktop:krb5-server-0:1.2.7-68.s390x",
"3Desktop:krb5-server-0:1.2.7-68.x86_64",
"3Desktop:krb5-workstation-0:1.2.7-68.i386",
"3Desktop:krb5-workstation-0:1.2.7-68.ia64",
"3Desktop:krb5-workstation-0:1.2.7-68.ppc",
"3Desktop:krb5-workstation-0:1.2.7-68.s390",
"3Desktop:krb5-workstation-0:1.2.7-68.s390x",
"3Desktop:krb5-workstation-0:1.2.7-68.x86_64",
"3ES:krb5-0:1.2.7-68.src",
"3ES:krb5-debuginfo-0:1.2.7-68.i386",
"3ES:krb5-debuginfo-0:1.2.7-68.ia64",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc64",
"3ES:krb5-debuginfo-0:1.2.7-68.s390",
"3ES:krb5-debuginfo-0:1.2.7-68.s390x",
"3ES:krb5-debuginfo-0:1.2.7-68.x86_64",
"3ES:krb5-devel-0:1.2.7-68.i386",
"3ES:krb5-devel-0:1.2.7-68.ia64",
"3ES:krb5-devel-0:1.2.7-68.ppc",
"3ES:krb5-devel-0:1.2.7-68.s390",
"3ES:krb5-devel-0:1.2.7-68.s390x",
"3ES:krb5-devel-0:1.2.7-68.x86_64",
"3ES:krb5-libs-0:1.2.7-68.i386",
"3ES:krb5-libs-0:1.2.7-68.ia64",
"3ES:krb5-libs-0:1.2.7-68.ppc",
"3ES:krb5-libs-0:1.2.7-68.ppc64",
"3ES:krb5-libs-0:1.2.7-68.s390",
"3ES:krb5-libs-0:1.2.7-68.s390x",
"3ES:krb5-libs-0:1.2.7-68.x86_64",
"3ES:krb5-server-0:1.2.7-68.i386",
"3ES:krb5-server-0:1.2.7-68.ia64",
"3ES:krb5-server-0:1.2.7-68.ppc",
"3ES:krb5-server-0:1.2.7-68.s390",
"3ES:krb5-server-0:1.2.7-68.s390x",
"3ES:krb5-server-0:1.2.7-68.x86_64",
"3ES:krb5-workstation-0:1.2.7-68.i386",
"3ES:krb5-workstation-0:1.2.7-68.ia64",
"3ES:krb5-workstation-0:1.2.7-68.ppc",
"3ES:krb5-workstation-0:1.2.7-68.s390",
"3ES:krb5-workstation-0:1.2.7-68.s390x",
"3ES:krb5-workstation-0:1.2.7-68.x86_64",
"3WS:krb5-0:1.2.7-68.src",
"3WS:krb5-debuginfo-0:1.2.7-68.i386",
"3WS:krb5-debuginfo-0:1.2.7-68.ia64",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3WS:krb5-debuginfo-0:1.2.7-68.s390",
"3WS:krb5-debuginfo-0:1.2.7-68.s390x",
"3WS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3WS:krb5-devel-0:1.2.7-68.i386",
"3WS:krb5-devel-0:1.2.7-68.ia64",
"3WS:krb5-devel-0:1.2.7-68.ppc",
"3WS:krb5-devel-0:1.2.7-68.s390",
"3WS:krb5-devel-0:1.2.7-68.s390x",
"3WS:krb5-devel-0:1.2.7-68.x86_64",
"3WS:krb5-libs-0:1.2.7-68.i386",
"3WS:krb5-libs-0:1.2.7-68.ia64",
"3WS:krb5-libs-0:1.2.7-68.ppc",
"3WS:krb5-libs-0:1.2.7-68.ppc64",
"3WS:krb5-libs-0:1.2.7-68.s390",
"3WS:krb5-libs-0:1.2.7-68.s390x",
"3WS:krb5-libs-0:1.2.7-68.x86_64",
"3WS:krb5-server-0:1.2.7-68.i386",
"3WS:krb5-server-0:1.2.7-68.ia64",
"3WS:krb5-server-0:1.2.7-68.ppc",
"3WS:krb5-server-0:1.2.7-68.s390",
"3WS:krb5-server-0:1.2.7-68.s390x",
"3WS:krb5-server-0:1.2.7-68.x86_64",
"3WS:krb5-workstation-0:1.2.7-68.i386",
"3WS:krb5-workstation-0:1.2.7-68.ia64",
"3WS:krb5-workstation-0:1.2.7-68.ppc",
"3WS:krb5-workstation-0:1.2.7-68.s390",
"3WS:krb5-workstation-0:1.2.7-68.s390x",
"3WS:krb5-workstation-0:1.2.7-68.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0948"
},
{
"category": "external",
"summary": "RHBZ#435087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=435087"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0948",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0948"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T18:54:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"2.1AS:krb5-0:1.2.2-48.src",
"2.1AS:krb5-devel-0:1.2.2-48.i386",
"2.1AS:krb5-devel-0:1.2.2-48.ia64",
"2.1AS:krb5-libs-0:1.2.2-48.i386",
"2.1AS:krb5-libs-0:1.2.2-48.ia64",
"2.1AS:krb5-server-0:1.2.2-48.i386",
"2.1AS:krb5-server-0:1.2.2-48.ia64",
"2.1AS:krb5-workstation-0:1.2.2-48.i386",
"2.1AS:krb5-workstation-0:1.2.2-48.ia64",
"2.1AW:krb5-0:1.2.2-48.src",
"2.1AW:krb5-devel-0:1.2.2-48.i386",
"2.1AW:krb5-devel-0:1.2.2-48.ia64",
"2.1AW:krb5-libs-0:1.2.2-48.i386",
"2.1AW:krb5-libs-0:1.2.2-48.ia64",
"2.1AW:krb5-server-0:1.2.2-48.i386",
"2.1AW:krb5-server-0:1.2.2-48.ia64",
"2.1AW:krb5-workstation-0:1.2.2-48.i386",
"2.1AW:krb5-workstation-0:1.2.2-48.ia64",
"2.1ES:krb5-0:1.2.2-48.src",
"2.1ES:krb5-devel-0:1.2.2-48.i386",
"2.1ES:krb5-devel-0:1.2.2-48.ia64",
"2.1ES:krb5-libs-0:1.2.2-48.i386",
"2.1ES:krb5-libs-0:1.2.2-48.ia64",
"2.1ES:krb5-server-0:1.2.2-48.i386",
"2.1ES:krb5-server-0:1.2.2-48.ia64",
"2.1ES:krb5-workstation-0:1.2.2-48.i386",
"2.1ES:krb5-workstation-0:1.2.2-48.ia64",
"2.1WS:krb5-0:1.2.2-48.src",
"2.1WS:krb5-devel-0:1.2.2-48.i386",
"2.1WS:krb5-devel-0:1.2.2-48.ia64",
"2.1WS:krb5-libs-0:1.2.2-48.i386",
"2.1WS:krb5-libs-0:1.2.2-48.ia64",
"2.1WS:krb5-server-0:1.2.2-48.i386",
"2.1WS:krb5-server-0:1.2.2-48.ia64",
"2.1WS:krb5-workstation-0:1.2.2-48.i386",
"2.1WS:krb5-workstation-0:1.2.2-48.ia64",
"3AS:krb5-0:1.2.7-68.src",
"3AS:krb5-debuginfo-0:1.2.7-68.i386",
"3AS:krb5-debuginfo-0:1.2.7-68.ia64",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc",
"3AS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3AS:krb5-debuginfo-0:1.2.7-68.s390",
"3AS:krb5-debuginfo-0:1.2.7-68.s390x",
"3AS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3AS:krb5-devel-0:1.2.7-68.i386",
"3AS:krb5-devel-0:1.2.7-68.ia64",
"3AS:krb5-devel-0:1.2.7-68.ppc",
"3AS:krb5-devel-0:1.2.7-68.s390",
"3AS:krb5-devel-0:1.2.7-68.s390x",
"3AS:krb5-devel-0:1.2.7-68.x86_64",
"3AS:krb5-libs-0:1.2.7-68.i386",
"3AS:krb5-libs-0:1.2.7-68.ia64",
"3AS:krb5-libs-0:1.2.7-68.ppc",
"3AS:krb5-libs-0:1.2.7-68.ppc64",
"3AS:krb5-libs-0:1.2.7-68.s390",
"3AS:krb5-libs-0:1.2.7-68.s390x",
"3AS:krb5-libs-0:1.2.7-68.x86_64",
"3AS:krb5-server-0:1.2.7-68.i386",
"3AS:krb5-server-0:1.2.7-68.ia64",
"3AS:krb5-server-0:1.2.7-68.ppc",
"3AS:krb5-server-0:1.2.7-68.s390",
"3AS:krb5-server-0:1.2.7-68.s390x",
"3AS:krb5-server-0:1.2.7-68.x86_64",
"3AS:krb5-workstation-0:1.2.7-68.i386",
"3AS:krb5-workstation-0:1.2.7-68.ia64",
"3AS:krb5-workstation-0:1.2.7-68.ppc",
"3AS:krb5-workstation-0:1.2.7-68.s390",
"3AS:krb5-workstation-0:1.2.7-68.s390x",
"3AS:krb5-workstation-0:1.2.7-68.x86_64",
"3Desktop:krb5-0:1.2.7-68.src",
"3Desktop:krb5-debuginfo-0:1.2.7-68.i386",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ia64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc",
"3Desktop:krb5-debuginfo-0:1.2.7-68.ppc64",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390",
"3Desktop:krb5-debuginfo-0:1.2.7-68.s390x",
"3Desktop:krb5-debuginfo-0:1.2.7-68.x86_64",
"3Desktop:krb5-devel-0:1.2.7-68.i386",
"3Desktop:krb5-devel-0:1.2.7-68.ia64",
"3Desktop:krb5-devel-0:1.2.7-68.ppc",
"3Desktop:krb5-devel-0:1.2.7-68.s390",
"3Desktop:krb5-devel-0:1.2.7-68.s390x",
"3Desktop:krb5-devel-0:1.2.7-68.x86_64",
"3Desktop:krb5-libs-0:1.2.7-68.i386",
"3Desktop:krb5-libs-0:1.2.7-68.ia64",
"3Desktop:krb5-libs-0:1.2.7-68.ppc",
"3Desktop:krb5-libs-0:1.2.7-68.ppc64",
"3Desktop:krb5-libs-0:1.2.7-68.s390",
"3Desktop:krb5-libs-0:1.2.7-68.s390x",
"3Desktop:krb5-libs-0:1.2.7-68.x86_64",
"3Desktop:krb5-server-0:1.2.7-68.i386",
"3Desktop:krb5-server-0:1.2.7-68.ia64",
"3Desktop:krb5-server-0:1.2.7-68.ppc",
"3Desktop:krb5-server-0:1.2.7-68.s390",
"3Desktop:krb5-server-0:1.2.7-68.s390x",
"3Desktop:krb5-server-0:1.2.7-68.x86_64",
"3Desktop:krb5-workstation-0:1.2.7-68.i386",
"3Desktop:krb5-workstation-0:1.2.7-68.ia64",
"3Desktop:krb5-workstation-0:1.2.7-68.ppc",
"3Desktop:krb5-workstation-0:1.2.7-68.s390",
"3Desktop:krb5-workstation-0:1.2.7-68.s390x",
"3Desktop:krb5-workstation-0:1.2.7-68.x86_64",
"3ES:krb5-0:1.2.7-68.src",
"3ES:krb5-debuginfo-0:1.2.7-68.i386",
"3ES:krb5-debuginfo-0:1.2.7-68.ia64",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc",
"3ES:krb5-debuginfo-0:1.2.7-68.ppc64",
"3ES:krb5-debuginfo-0:1.2.7-68.s390",
"3ES:krb5-debuginfo-0:1.2.7-68.s390x",
"3ES:krb5-debuginfo-0:1.2.7-68.x86_64",
"3ES:krb5-devel-0:1.2.7-68.i386",
"3ES:krb5-devel-0:1.2.7-68.ia64",
"3ES:krb5-devel-0:1.2.7-68.ppc",
"3ES:krb5-devel-0:1.2.7-68.s390",
"3ES:krb5-devel-0:1.2.7-68.s390x",
"3ES:krb5-devel-0:1.2.7-68.x86_64",
"3ES:krb5-libs-0:1.2.7-68.i386",
"3ES:krb5-libs-0:1.2.7-68.ia64",
"3ES:krb5-libs-0:1.2.7-68.ppc",
"3ES:krb5-libs-0:1.2.7-68.ppc64",
"3ES:krb5-libs-0:1.2.7-68.s390",
"3ES:krb5-libs-0:1.2.7-68.s390x",
"3ES:krb5-libs-0:1.2.7-68.x86_64",
"3ES:krb5-server-0:1.2.7-68.i386",
"3ES:krb5-server-0:1.2.7-68.ia64",
"3ES:krb5-server-0:1.2.7-68.ppc",
"3ES:krb5-server-0:1.2.7-68.s390",
"3ES:krb5-server-0:1.2.7-68.s390x",
"3ES:krb5-server-0:1.2.7-68.x86_64",
"3ES:krb5-workstation-0:1.2.7-68.i386",
"3ES:krb5-workstation-0:1.2.7-68.ia64",
"3ES:krb5-workstation-0:1.2.7-68.ppc",
"3ES:krb5-workstation-0:1.2.7-68.s390",
"3ES:krb5-workstation-0:1.2.7-68.s390x",
"3ES:krb5-workstation-0:1.2.7-68.x86_64",
"3WS:krb5-0:1.2.7-68.src",
"3WS:krb5-debuginfo-0:1.2.7-68.i386",
"3WS:krb5-debuginfo-0:1.2.7-68.ia64",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc",
"3WS:krb5-debuginfo-0:1.2.7-68.ppc64",
"3WS:krb5-debuginfo-0:1.2.7-68.s390",
"3WS:krb5-debuginfo-0:1.2.7-68.s390x",
"3WS:krb5-debuginfo-0:1.2.7-68.x86_64",
"3WS:krb5-devel-0:1.2.7-68.i386",
"3WS:krb5-devel-0:1.2.7-68.ia64",
"3WS:krb5-devel-0:1.2.7-68.ppc",
"3WS:krb5-devel-0:1.2.7-68.s390",
"3WS:krb5-devel-0:1.2.7-68.s390x",
"3WS:krb5-devel-0:1.2.7-68.x86_64",
"3WS:krb5-libs-0:1.2.7-68.i386",
"3WS:krb5-libs-0:1.2.7-68.ia64",
"3WS:krb5-libs-0:1.2.7-68.ppc",
"3WS:krb5-libs-0:1.2.7-68.ppc64",
"3WS:krb5-libs-0:1.2.7-68.s390",
"3WS:krb5-libs-0:1.2.7-68.s390x",
"3WS:krb5-libs-0:1.2.7-68.x86_64",
"3WS:krb5-server-0:1.2.7-68.i386",
"3WS:krb5-server-0:1.2.7-68.ia64",
"3WS:krb5-server-0:1.2.7-68.ppc",
"3WS:krb5-server-0:1.2.7-68.s390",
"3WS:krb5-server-0:1.2.7-68.s390x",
"3WS:krb5-server-0:1.2.7-68.x86_64",
"3WS:krb5-workstation-0:1.2.7-68.i386",
"3WS:krb5-workstation-0:1.2.7-68.ia64",
"3WS:krb5-workstation-0:1.2.7-68.ppc",
"3WS:krb5-workstation-0:1.2.7-68.s390",
"3WS:krb5-workstation-0:1.2.7-68.s390x",
"3WS:krb5-workstation-0:1.2.7-68.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0181"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: incorrect handling of high-numbered file descriptors in RPC library"
}
]
}
RHSA-2008:0164
Vulnerability from csaf_redhat - Published: 2008-03-18 19:26 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: krb5 security and bugfix update
Severity
Critical
Notes
Topic: Updated krb5 packages that resolve several issues and fix multiple bugs are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.
A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol requests.
(CVE-2008-0062, CVE-2008-0063)
This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.
Jeff Altman of Secure Endpoints discovered a flaw in the RPC library as
used by MIT Kerberos kadmind server. An unauthenticated remote attacker
could use this flaw to crash kadmind or possibly execute arbitrary code.
This issue only affected systems with certain resource limits configured
and did not affect systems using default resource limits used by Red Hat
Enterprise Linux 5. (CVE-2008-0947)
Red Hat would like to thank MIT for reporting these issues.
Multiple memory management flaws were discovered in the GSSAPI library used
by MIT Kerberos. These flaws could possibly result in use of already freed
memory or an attempt to free already freed memory blocks (double-free
flaw), possibly causing a crash or arbitrary code execution.
(CVE-2007-5901, CVE-2007-5971)
In addition to the security issues resolved above, the following bugs were
also fixed:
* delegated krb5 credentials were not properly stored when SPNEGO was the
underlying mechanism during GSSAPI authentication. Consequently,
applications attempting to copy delegated Kerberos 5 credentials into a
credential cache received an "Invalid credential was supplied" message
rather than a copy of the delegated credentials. With this update, SPNEGO
credentials can be properly searched, allowing applications to copy
delegated credentials as expected.
* applications can initiate context acceptance (via gss_accept_sec_context)
without passing a ret_flags value that would indicate that credentials were
delegated. A delegated credential handle should have been returned in such
instances. This updated package adds a temp_ret_flag that stores the
credential status in the event no other ret_flags value is passed by an
application calling gss_accept_sec_context.
* kpasswd did not fallback to TCP on receipt of certain errors, or when a
packet was too big for UDP. This update corrects this.
* when the libkrb5 password-routine generated a set-password or
change-password request, incorrect sequence numbers were generated for all
requests subsequent to the first request. This caused password change
requests to fail if the primary server was unavailable. This updated
package corrects this by saving the sequence number value after the AP-REQ
data is built and restoring this value before the request is generated.
* when a user's password expired, kinit would not prompt that user to
change the password, instead simply informing the user their password had
expired. This update corrects this behavior: kinit now prompts for a new
password to be set when a password has expired.
All krb5 users are advised to upgrade to these updated packages, which
contain backported fixes to address these vulnerabilities and fix these
bugs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
CWE-416 - Use After Free
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0164
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0164
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0164
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0164
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0164
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
MIT
Secure Endpoints
Jeff Altman
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated krb5 packages that resolve several issues and fix multiple bugs are\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric encryption\nand a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\nAn unauthenticated remote attacker could use this flaw to crash the\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\narbitrary code using malformed or truncated Kerberos v4 protocol requests.\n(CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\n(without the quotes) to the \"[kdcdefaults]\" section of\n/var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as\nused by MIT Kerberos kadmind server. An unauthenticated remote attacker\ncould use this flaw to crash kadmind or possibly execute arbitrary code.\nThis issue only affected systems with certain resource limits configured\nand did not affect systems using default resource limits used by Red Hat\nEnterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library used\nby MIT Kerberos. These flaws could possibly result in use of already freed\nmemory or an attempt to free already freed memory blocks (double-free\nflaw), possibly causing a crash or arbitrary code execution.\n(CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs were\nalso fixed:\n\n* delegated krb5 credentials were not properly stored when SPNEGO was the\nunderlying mechanism during GSSAPI authentication. Consequently,\napplications attempting to copy delegated Kerberos 5 credentials into a\ncredential cache received an \"Invalid credential was supplied\" message\nrather than a copy of the delegated credentials. With this update, SPNEGO\ncredentials can be properly searched, allowing applications to copy\ndelegated credentials as expected.\n\n* applications can initiate context acceptance (via gss_accept_sec_context)\nwithout passing a ret_flags value that would indicate that credentials were\ndelegated. A delegated credential handle should have been returned in such\ninstances. This updated package adds a temp_ret_flag that stores the\ncredential status in the event no other ret_flags value is passed by an\napplication calling gss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or when a\npacket was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or\nchange-password request, incorrect sequence numbers were generated for all\nrequests subsequent to the first request. This caused password change\nrequests to fail if the primary server was unavailable. This updated\npackage corrects this by saving the sequence number value after the AP-REQ\ndata is built and restoring this value before the request is generated.\n\n* when a user\u0027s password expired, kinit would not prompt that user to\nchange the password, instead simply informing the user their password had\nexpired. This update corrects this behavior: kinit now prompts for a new\npassword to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported fixes to address these vulnerabilities and fix these\nbugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0164",
"url": "https://access.redhat.com/errata/RHSA-2008:0164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "415321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=415321"
},
{
"category": "external",
"summary": "415351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=415351"
},
{
"category": "external",
"summary": "432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "external",
"summary": "433596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=433596"
},
{
"category": "external",
"summary": "436460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436460"
},
{
"category": "external",
"summary": "436465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436465"
},
{
"category": "external",
"summary": "436467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436467"
},
{
"category": "external",
"summary": "436468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436468"
},
{
"category": "external",
"summary": "436470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436470"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0164.json"
}
],
"title": "Red Hat Security Advisory: krb5 security and bugfix update",
"tracking": {
"current_release_date": "2025-11-21T17:33:00+00:00",
"generator": {
"date": "2025-11-21T17:33:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0164",
"initial_release_date": "2008-03-18T19:26:00+00:00",
"revision_history": [
{
"date": "2008-03-18T19:26:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-03-18T15:26:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-0:1.6.1-17.el5_1.1.src",
"product": {
"name": "krb5-0:1.6.1-17.el5_1.1.src",
"product_id": "krb5-0:1.6.1-17.el5_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5@1.6.1-17.el5_1.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"product": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"product_id": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.6.1-17.el5_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"product": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"product_id": "krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.6.1-17.el5_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"product": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"product_id": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.6.1-17.el5_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"product": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"product_id": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.6.1-17.el5_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"product": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"product_id": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.6.1-17.el5_1.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"product": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"product_id": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.6.1-17.el5_1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.6.1-17.el5_1.1.i386",
"product": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.i386",
"product_id": "krb5-devel-0:1.6.1-17.el5_1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.6.1-17.el5_1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.6.1-17.el5_1.1.i386",
"product": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.i386",
"product_id": "krb5-server-0:1.6.1-17.el5_1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.6.1-17.el5_1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.6.1-17.el5_1.1.i386",
"product": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.i386",
"product_id": "krb5-libs-0:1.6.1-17.el5_1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.6.1-17.el5_1.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"product": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"product_id": "krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.6.1-17.el5_1.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"product": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"product_id": "krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.6.1-17.el5_1.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"product": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"product_id": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.6.1-17.el5_1.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.6.1-17.el5_1.1.ia64",
"product": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ia64",
"product_id": "krb5-server-0:1.6.1-17.el5_1.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.6.1-17.el5_1.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"product": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"product_id": "krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.6.1-17.el5_1.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"product": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"product_id": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.6.1-17.el5_1.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"product": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"product_id": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.6.1-17.el5_1.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"product": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"product_id": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.6.1-17.el5_1.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"product": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"product_id": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.6.1-17.el5_1.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"product": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"product_id": "krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.6.1-17.el5_1.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"product": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"product_id": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.6.1-17.el5_1.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.6.1-17.el5_1.1.ppc",
"product": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ppc",
"product_id": "krb5-server-0:1.6.1-17.el5_1.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.6.1-17.el5_1.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"product": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"product_id": "krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.6.1-17.el5_1.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"product": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"product_id": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.6.1-17.el5_1.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"product": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"product_id": "krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.6.1-17.el5_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"product": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"product_id": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.6.1-17.el5_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.6.1-17.el5_1.1.s390x",
"product": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.s390x",
"product_id": "krb5-server-0:1.6.1-17.el5_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.6.1-17.el5_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"product": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"product_id": "krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.6.1-17.el5_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"product": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"product_id": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.6.1-17.el5_1.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390",
"product": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390",
"product_id": "krb5-libs-0:1.6.1-17.el5_1.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.6.1-17.el5_1.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"product": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"product_id": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.6.1-17.el5_1.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390",
"product": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390",
"product_id": "krb5-devel-0:1.6.1-17.el5_1.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.6.1-17.el5_1.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.6.1-17.el5_1.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src"
},
"product_reference": "krb5-0:1.6.1-17.el5_1.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.6.1-17.el5_1.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-0:1.6.1-17.el5_1.1.src"
},
"product_reference": "krb5-0:1.6.1-17.el5_1.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-server-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.6.1-17.el5_1.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-0:1.6.1-17.el5_1.1.src"
},
"product_reference": "krb5-0:1.6.1-17.el5_1.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.s390",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-server-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-5901",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2007-11-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "415321"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: use-after-free in gssapi lib",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5901\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5901"
},
{
"category": "external",
"summary": "RHBZ#415321",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=415321"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5901",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5901"
}
],
"release_date": "2007-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T19:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0164"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "krb5: use-after-free in gssapi lib"
},
{
"cve": "CVE-2007-5971",
"discovery_date": "2007-11-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "415351"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: double free in gssapi lib",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5971\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. See https://marc.info/?m=119743235325151",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5971"
},
{
"category": "external",
"summary": "RHBZ#415351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=415351"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5971",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5971",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5971"
}
],
"release_date": "2007-11-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T19:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0164"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "krb5: double free in gssapi lib"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0062",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432620"
}
],
"notes": [
{
"category": "description",
"text": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: uninitialized pointer use in krb5kdc",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0062"
},
{
"category": "external",
"summary": "RHBZ#432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T19:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0164"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "krb5: uninitialized pointer use in krb5kdc"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0063",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432621"
}
],
"notes": [
{
"category": "description",
"text": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: possible leak of sensitive data from krb5kdc using krb4 request",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0063"
},
{
"category": "external",
"summary": "RHBZ#432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T19:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0164"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: possible leak of sensitive data from krb5kdc using krb4 request"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
},
{
"names": [
"Jeff Altman"
],
"organization": "Secure Endpoints"
}
],
"cve": "CVE-2008-0947",
"discovery_date": "2008-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "433596"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: file descriptor array overflow in RPC library",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0947"
},
{
"category": "external",
"summary": "RHBZ#433596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=433596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0947"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T19:26:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:krb5-0:1.6.1-17.el5_1.1.src",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client-Workstation:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-0:1.6.1-17.el5_1.1.src",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Client:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-0:1.6.1-17.el5_1.1.src",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-debuginfo-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-devel-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.ppc64",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-libs-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-server-0:1.6.1-17.el5_1.1.x86_64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.i386",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ia64",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.ppc",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.s390x",
"5Server:krb5-workstation-0:1.6.1-17.el5_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0164"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: file descriptor array overflow in RPC library"
}
]
}
RHSA-2008:0182
Vulnerability from csaf_redhat - Published: 2008-03-18 19:22 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: krb5 security update
Severity
Critical
Notes
Topic: Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.5 Extended Update Support.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.
A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)
This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.
Red Hat would like to thank MIT for reporting these issues.
All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0182
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
https://access.redhat.com/errata/RHSA-2008:0182
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Acknowledgments
MIT
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated krb5 packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 4.5 Extended Update Support.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric encryption\nand a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\nAn unauthenticated remote attacker could use this flaw to crash the\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\narbitrary code using malformed or truncated Kerberos v4 protocol\nrequests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\n(without the quotes) to the \"[kdcdefaults]\" section of\n/var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0182",
"url": "https://access.redhat.com/errata/RHSA-2008:0182"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0182.json"
}
],
"title": "Red Hat Security Advisory: krb5 security update",
"tracking": {
"current_release_date": "2025-11-21T17:33:03+00:00",
"generator": {
"date": "2025-11-21T17:33:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0182",
"initial_release_date": "2008-03-18T19:22:00+00:00",
"revision_history": [
{
"date": "2008-03-18T19:22:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-03-18T15:22:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product": {
"name": "Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:4.5::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product": {
"name": "Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:4.5::es"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"product": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"product_id": "krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-49.el4_5.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"product": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"product_id": "krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-49.el4_5.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"product": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"product_id": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-49.el4_5.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"product": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"product_id": "krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-49.el4_5.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-49.el4_5.1.ia64",
"product": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.ia64",
"product_id": "krb5-server-0:1.3.4-49.el4_5.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-49.el4_5.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"product": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"product_id": "krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-49.el4_5.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-49.el4_5.1.i386",
"product": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.i386",
"product_id": "krb5-libs-0:1.3.4-49.el4_5.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-49.el4_5.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-49.el4_5.1.i386",
"product": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.i386",
"product_id": "krb5-devel-0:1.3.4-49.el4_5.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-49.el4_5.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"product": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"product_id": "krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-49.el4_5.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-49.el4_5.1.i386",
"product": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.i386",
"product_id": "krb5-server-0:1.3.4-49.el4_5.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-49.el4_5.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"product": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"product_id": "krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-49.el4_5.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"product": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"product_id": "krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-49.el4_5.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"product": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"product_id": "krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-49.el4_5.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"product": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"product_id": "krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-49.el4_5.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"product": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"product_id": "krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-49.el4_5.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-0:1.3.4-49.el4_5.1.src",
"product": {
"name": "krb5-0:1.3.4-49.el4_5.1.src",
"product_id": "krb5-0:1.3.4-49.el4_5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5@1.3.4-49.el4_5.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"product": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"product_id": "krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-49.el4_5.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"product": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"product_id": "krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-49.el4_5.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"product": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"product_id": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-49.el4_5.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"product": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"product_id": "krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-49.el4_5.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-49.el4_5.1.ppc",
"product": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.ppc",
"product_id": "krb5-server-0:1.3.4-49.el4_5.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-49.el4_5.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"product": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"product_id": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-49.el4_5.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"product": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"product_id": "krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-49.el4_5.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"product": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"product_id": "krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-49.el4_5.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"product": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"product_id": "krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-49.el4_5.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"product": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"product_id": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-49.el4_5.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"product": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"product_id": "krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-49.el4_5.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390x",
"product": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390x",
"product_id": "krb5-server-0:1.3.4-49.el4_5.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-49.el4_5.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"product": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"product_id": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-debuginfo@1.3.4-49.el4_5.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390",
"product": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390",
"product_id": "krb5-libs-0:1.3.4-49.el4_5.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-libs@1.3.4-49.el4_5.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390",
"product": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390",
"product_id": "krb5-devel-0:1.3.4-49.el4_5.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-devel@1.3.4-49.el4_5.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"product": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"product_id": "krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-workstation@1.3.4-49.el4_5.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390",
"product": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390",
"product_id": "krb5-server-0:1.3.4-49.el4_5.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/krb5-server@1.3.4-49.el4_5.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.3.4-49.el4_5.1.src as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-0:1.3.4-49.el4_5.1.src"
},
"product_reference": "krb5-0:1.3.4-49.el4_5.1.src",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.5)",
"product_id": "4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4AS-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-0:1.3.4-49.el4_5.1.src as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-0:1.3.4-49.el4_5.1.src"
},
"product_reference": "krb5-0:1.3.4-49.el4_5.1.src",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.ppc64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-libs-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"relates_to_product_reference": "4ES-4.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-workstation-0:1.3.4-49.el4_5.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.5)",
"product_id": "4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64"
},
"product_reference": "krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"relates_to_product_reference": "4ES-4.5.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0062",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432620"
}
],
"notes": [
{
"category": "description",
"text": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: uninitialized pointer use in krb5kdc",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0062"
},
{
"category": "external",
"summary": "RHBZ#432620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T19:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0182"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "krb5: uninitialized pointer use in krb5kdc"
},
{
"acknowledgments": [
{
"names": [
"MIT"
]
}
],
"cve": "CVE-2008-0063",
"discovery_date": "2008-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "432621"
}
],
"notes": [
{
"category": "description",
"text": "The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: possible leak of sensitive data from krb5kdc using krb4 request",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0063"
},
{
"category": "external",
"summary": "RHBZ#432621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0063"
}
],
"release_date": "2008-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-03-18T19:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4AS-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-0:1.3.4-49.el4_5.1.src",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-debuginfo-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-devel-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.ppc64",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-libs-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-server-0:1.3.4-49.el4_5.1.x86_64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.i386",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ia64",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.ppc",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.s390x",
"4ES-4.5.z:krb5-workstation-0:1.3.4-49.el4_5.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0182"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: possible leak of sensitive data from krb5kdc using krb4 request"
}
]
}
GHSA-F6C2-J3P8-VXVV
Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2023-12-28 18:30
VLAI?
Details
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2008-0062"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-03-19T10:44:00Z",
"severity": "HIGH"
},
"details": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"id": "GHSA-f6c2-j3p8-vxvv",
"modified": "2023-12-28T18:30:29Z",
"published": "2022-05-01T23:27:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0062"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
},
{
"type": "WEB",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29420"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29423"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29424"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29428"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29435"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29438"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29450"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29451"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29457"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29462"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29464"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29516"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29663"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30535"
},
{
"type": "WEB",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"type": "WEB",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"type": "WEB",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/895609"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/28303"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1019626"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1744"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
VAR-200803-0027
Vulnerability from variot - Updated: 2026-04-10 22:10KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption. These issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages. An attacker can exploit these issues to obtain potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Given the nature of these vulnerabilities, the attacker could leverage these issues to execute arbitrary code, but this has not been confirmed. MIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. If the KDC receives a malformed Kerberos 4 message, and there was no previous Kerberos 4 communication, a null pointer dereference will be triggered, causing the KDC to crash. If there is valid Kerberos 4 communication, messages sent to the client are locked using a null pointer; the pointer may resend a previously generated response, send some arbitrary block of process memory (which may contain key data), or due to an attempt to Accessing an invalid address crashes the process. If the process does not crash, a random address is passed to free(), which may corrupt the release pool, causing a crash, data corruption, or a jump to an arbitrary address in process memory. =========================================================== Ubuntu Security Notice USN-587-1 March 19, 2008 krb5 vulnerabilities CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libkadm55 1.4.3-5ubuntu0.7 libkrb53 1.4.3-5ubuntu0.7
Ubuntu 6.10: libkadm55 1.4.3-9ubuntu1.6 libkrb53 1.4.3-9ubuntu1.6
Ubuntu 7.04: libkadm55 1.4.4-5ubuntu3.4 libkrb53 1.4.4-5ubuntu3.4
Ubuntu 7.10: libkadm55 1.6.dfsg.1-7ubuntu0.1 libkrb53 1.6.dfsg.1-7ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that krb5 did not correctly handle certain krb4 requests. (CVE-2008-0947)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.diff.gz
Size/MD5: 1460317 0090e30287f3448ed9babac78c39d5ca
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.dsc
Size/MD5: 848 237125b6b35a1a059e5573d10fd7c18e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz
Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.7_all.deb
Size/MD5: 853222 dfd657a08b13ce0f3916e49ab8e3ce28
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 190904 e9e05267f551177f3c7cae46fdda9565
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 768706 79270ab27ac164fc4c76822e1dc0be2c
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 425714 d8467d288bf46cdfa35ba74e6aa0ff02
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 80378 b2d795bc82f8f962ceff0afdd11060da
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 223230 73161771034af58dc6d0cd0c4be72fa8
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 60376 f0712ab86caf1d9d9e52ff3750afeddd
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 135158 34b51b738a69c2aeb9df20e0af93e9bc
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 85274 265b8ad9968001e5c984743650d635ac
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 67600 bd5c7020310f1bd70f8dc98864c2961c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_amd64.deb
Size/MD5: 129906 0f0383de4d51d8581a260021c3332f72
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 165730 8128a78d17cd98c4ccfa086b390af167
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 647222 96672590753337d39b1aadc24dac0531
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 381120 af9c45400c55b68778f3b769c238548d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 72298 754b91046e7e47bb0f2aa58cd2ca3797
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 187240 d7e5a8b1a077776309282bc328aab885
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 54326 1137dd0e4209cf7edb38ff327feb342d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 121564 9e36fe3a9567176b2e224a45e55017a0
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 75920 cd8854a9ae911eaa1c82eaa945b3d175
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 58720 eaf05e05f40183c066e294bec431bc61
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_i386.deb
Size/MD5: 119078 67a73b248bf33afee23ffb885f5d2e18
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 177716 b834ad9d37a2e3dfa44d086c6dcbfbc9
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 752002 22dd063609b942c4996c56a3f74b266c
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 395914 b4fde9f81a08aa112f48b38f1d7faf9c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 80530 7e55073ee6b67ba12f0ed48d0137e73c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 220582 482d21e5007a1876bf6af64e434b4942
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 59574 4f47514f7992a292c162f40f8a174ee6
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 135962 0e23ea255a84c3a580e0d7e6b0da9546
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 85120 e07cf29268ba053833122cca9ed79d8d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 65990 3c4f25017e0760f4dd10404e604087a8
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_powerpc.deb
Size/MD5: 134952 7096226ce8ce15dd20c6ed933888d56e
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 165278 5c8580725c8a200f24173d38dfce388e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 678538 4002d8655a43f5784d5e9c95bc5b4f76
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 368726 5ee45e24f0ac54d79a55c20674b2887f
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 73042 672530bb7218c04a67e23d1053757050
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 197404 ea257178102f6b7732ef12538ead3e24
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 56304 855c59021874c714bd4e2605de10d5a6
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 124374 7d8f7f84b2c1648b63129ba342389d75
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 76922 142ed0e2c119d596c5437ac8f9042064
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 62350 db681a03624a21a34425fea9f6fa9ade
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_sparc.deb
Size/MD5: 120620 ebe2ddf8dc131cf6e3322e1cb125f2f3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.diff.gz
Size/MD5: 1481707 dc6dd5cd6d4a125e2fa70b9ebc3f8b12
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.dsc
Size/MD5: 883 8fdcf0af1cc631c882a44ae0214e0b6f
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz
Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-9ubuntu1.6_all.deb
Size/MD5: 853934 f3a7a044bedb974b32a46708774ec894
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 190826 7772b734a889ea97cf052de39072cead
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 1073390 bedf0987fe159bc38c30663ad966d0ac
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 772708 5cc8e489a0f6fcca17c3e0d8b9588879
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 428050 11b4c2211b18453bd2a662a297569f49
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 81790 06f349106755cc19cfb3f29fcc7228f8
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 224408 59491e595a544a84463a6deec8305f66
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 61620 f58dcb4c09e4c96f3db5bfc8172fdffa
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 139116 31943a9766f657fd47ac1aded48d49d6
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 87426 1033408d2692b38926947f8ae85e1515
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 68116 291db335b868748c933a7c67e6add6a7
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_amd64.deb
Size/MD5: 130628 a2cb3cd3ee9ede8c3c10e695fd8148af
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 173062 e15aa9368fc4e4ef4562a23cc1780484
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 1024998 798f81a00c59842cbc2c8ea8cd4b9a5e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 673152 671e72c1eb7645dfda924c77949610dd
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 404172 445f952e23f810f6de10773a01fd68ae
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 75380 0b3cd4b087f56ebdd527d61194cf7fc0
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 196506 bff3435e0da9aecff7a26d73e712937f
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 57136 3fafa3cd2cd2792e740c4d6976a881de
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 129352 7e190df154981717bf711697c5042cd4
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 80102 94a76cc7807e9d6598b4a452a7fbb738
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 61928 b7fdd344e683ce45be88f8fa43290175
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_i386.deb
Size/MD5: 122208 eb1ec6653d6d790e23dbcc14cd98f5f7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 180126 f8e5d077ee06234bbb9881beb9d49f36
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 1076974 4752e5e87fdcd67fcb0f1ee2c35ddf80
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 758400 73ed6c35fbdcf1866a65a6198df8ca82
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 399112 1fdd3a0a2a45bd410a1f4e72713a0e1e
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 82420 446cda40d1590c088e2fc83118a58e13
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 223182 8e6f5f3062fe3cfb113db73bc8a1a89e
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 61826 b4ad931a1a1d48b668a972893502cd67
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 141210 8892626a667e0010a0cba8fe19df958f
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 87318 c7306114bbb195c221962abc469a1d42
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 67222 b99ea3def960bdc849376c508e263f0d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_powerpc.deb
Size/MD5: 136888 1c651e27011fa9c25ea87960b40ffe1b
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 167176 0f2f57754f3e012257a6fef890a23767
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 957816 2ef6010c70801e7b0dd5e633a08e3fac
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 685238 a68016ffc9abcd0eab3f7f1ae323e83e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 374074 d5ff62adb392f5be8b29c2e1056f6f92
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 75210 9611a07b489b518605a9550b27b3dd7c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 203684 89d989c5db437eba6e9e56fc9bf7dc93
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 58980 b9d7f11d5c491595c90006ae7c039935
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 129664 acf15ad70331066092154952cbd7754a
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 80428 8409c34ee32612d48e8936618118bab7
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 63612 64b2987c2aee57159bc092c5fe37a25b
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_sparc.deb
Size/MD5: 122730 95db549e03f3bc30995d566f8ea7edac
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.diff.gz
Size/MD5: 1589880 e20eef948656a29a255b557af6e7817b
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.dsc
Size/MD5: 968 971223b33ae8631f013c20a3c8867805
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4.orig.tar.gz
Size/MD5: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.4-5ubuntu3.4_all.deb
Size/MD5: 1806176 c34d13b6877a21c426a85719a6ecf6a0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 194368 2b6345b614c38e353a3ec4abd2957e6d
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 1076886 d4e2d9d77afd78df99d96a6541730527
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 772608 c3f93d5b94e84df6faac86b701f9836c
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 436580 f7e6430bf6f628592596b44e7341af30
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 83772 ad232225b5bbc88f1e0f5bd55916de24
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 226770 34e47342c392be9006254e15fc0258e3
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 62258 c71fecc4d7bd6e3191c08a19cbf07aa5
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 141840 33ec180078e9b8e1f80fca5f26c1d558
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 88380 64572d633f1a84999b2205bd6958206c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 68890 dcabc2bcaac75b7e226c9090a82207a0
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_amd64.deb
Size/MD5: 132614 f129069e4dd68ccf7801c717603713ef
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 176870 9e0e200bdff3119ef8488f9a5bf62e7c
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 1031008 8a80209f195b2eb787236e0dcd8aaa23
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 672020 7b5b4e1643b5802b2bbfab006d0e6d7a
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 412036 213c308bef9eaa6762ab755da6e7442a
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 77328 295e5ed2c0c2366fc6b3d343607ae431
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 199040 1b0a50f1bf8e421d9838acea254c6c26
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 57780 96ae66401532d513b4333c3429f6e2eb
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 131900 fc29493488e6311a94cfa5ec2c5ac7a8
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 81008 0c2bd14ee6534cad097d5d80200cc94a
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 62650 8d1f1316f52fe066626f0fde07f8b990
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_i386.deb
Size/MD5: 124088 de985ccf04486e2043c2324affbb18af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 194590 f63db5ccc5825220d5014b1d7eda0ebe
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 1082008 3501eca4bc0d14b39fbc662ee20ab7cb
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 757006 169816425e730c69266d39518fb718f8
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 429982 24a79674c75e6f9731d34468ad86e27c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 90254 936f19b572498c2de200fd3e323657de
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 240274 eb844e20839937a3ccad330429ba1840
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 65452 dffc482a088d83a0100e78e69f332bb8
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 153794 308fc25b452cb374f7b45a472784761b
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 96692 9566a692d6f8a6d47e9f60e25d13927d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 70680 4949b60728fc08134113f744738a293c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_powerpc.deb
Size/MD5: 150262 dbf317c0added0c3faae6710b8026fc8
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 170940 967a1344994914065dc904da571a2aef
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 965784 bd503df54b8c9afcb4e5a6a375ce7fa8
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 683396 939cb2731116dc8718ea4ebc996b5c7e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 380910 5b46d8169ecc2409caad5dd4feacdc2b
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 79084 e3da961bcea67ff2c217008d141075cf
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 210904 688aeb4162f4dcf86768ddd299cf6625
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 60996 e20fcf5e2b4bab548fe8e0836aff86eb
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 135846 55612458a19bd82331991bbb672f74e9
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 84546 f1fc527ed376549516113ae94ca7d0fb
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 65282 7726043628cc103faccb839be0def042
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_sparc.deb
Size/MD5: 127130 edddba0066c5bab862847c750a231a51
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.diff.gz
Size/MD5: 1674637 40fa0c4bdf307c7e5d9509be9870434e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.dsc
Size/MD5: 1044 2c6766c8721cf2e3caa259cdb5badf10
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1.orig.tar.gz
Size/MD5: 14474321 8f8d6a494380f01a7a0a9236162afa52
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.1-7ubuntu0.1_all.deb
Size/MD5: 2076606 1c021446b5f479717a4998df0f87f205
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 165034 78f040deebe1683f8966347e9896fce8
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 1308970 04db0004a99e7e0d01b37d922f47df1e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 88606 6509d222135bfaa05ebf79db1f63c2a7
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 493016 54a329e5f8464d5f519ac225f4d5d778
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 87824 cac8d5d1297bb71c52a877cf0b85c393
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 228534 d6c15467cf49d74831ac0ea494eec6f9
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 65864 563aaa90bffe6ff07ff8db56cff826f8
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 185182 e1f4910f7b6fca6655696a0bb7169d7b
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 91334 c1c20f704f98f19212cfa70ac9edf193
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 72950 de7748ddb5f7cd3f0744eb77770fa3e0
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_amd64.deb
Size/MD5: 137592 99c3b6d671ae7f0439f379d5b2688659
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 148364 a3e27e81c7e81f627d05c708faae402d
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 1266912 2696e89ea8cf6e857e36ee740fb65ea0
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 88624 9970f2076c76427dd0cbf217b6a6bba0
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 462068 bd3623332d7737858d0fe5918ef8838d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 81192 d4a4e0e7358f626abc0dbb81575071f6
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 199624 5a24164123aaea818f2d40c41186fdf7
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 61098 8cc21c42ff5dd534f7158c4c750a498e
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 172178 319f2ba5ea41bb97a125049f17154ac4
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 83634 049a305ea62a45ec23b65dbcd04e85fb
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 66538 a0c51897ca2c55ee7ec2447465121f5e
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_i386.deb
Size/MD5: 128624 df48b843cf7ab20fc4696d36bba2fe6e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 162676 0c11613a3d49190eb92074c27833f4c6
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 1320150 c2a537a9acf0ebf7b08764506136d37e
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 88634 eedc4522ba18dfed6fd2483cf8dd0379
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 482868 4d015493346726e61cd0cf9525e2b1e5
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 94492 50526cbb8952316a7b9195edcf148fd3
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 241802 99608692096cfa0e88372013a1b41517
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 68960 fc1d60376ba03106488b098f4b5ea624
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 198522 24b5f7bb74e3d978888dd1cdd065f881
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 99412 ca441f559a1e11b55c3ef52c54ede8ca
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 74666 0657bf76d80f969330c5391d65291baa
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_powerpc.deb
Size/MD5: 155750 967a3ce3bc4fe5383a2a4f6a54ac686a
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 145672 b78635a0dbdb4d4d76c7e6d7ee4cb2fa
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 1200060 c280c5257a62a657ba79ac09ed62e4ff
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 88620 9b75ff80509a5b3435f7d6f30b19ac9b
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 431168 3c7606d6ced441110ab47b16de3542fc
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 83030 cc47e0b9c435c5802a2352cb203c435c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 211104 bed40b53469b42c5a65a1f0640ae4d2f
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 64404 13877024ad747d0ce0a696210217f170
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 172948 8fd8903c9b1caa12ebe73c7c6f86de98
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 87474 c3f94c62f987a7a6d50f9d5344e59cff
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 69196 97040973c460c004ee83b7ba19ddfc88
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_sparc.deb
Size/MD5: 131692 c12abe7485457bcd0ebe5cf3ecfcc850
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2008:070 http://www.mandriva.com/security/
Package : krb5 Date : March 19, 2008 Affected: 2007.0, Corporate 4.0
Problem Description:
A memory management flaw was found in the GSSAPI library used by Kerberos that could result in an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code (CVE-2007-5971).
A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets.
This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0.
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
Updated Packages:
Mandriva Linux 2007.0: ef17fea5e296992fb34b0d00540b4190 2007.0/i586/ftp-client-krb5-1.4.3-7.4mdv2007.0.i586.rpm dbc47795968f03dff7eb50ff34a63b8d 2007.0/i586/ftp-server-krb5-1.4.3-7.4mdv2007.0.i586.rpm 36f5b4160b9dc7d4393b8bc5f4f0b6fb 2007.0/i586/krb5-server-1.4.3-7.4mdv2007.0.i586.rpm f76121f223836939aef1f77164a7224d 2007.0/i586/krb5-workstation-1.4.3-7.4mdv2007.0.i586.rpm 65c052a4916406626b3289abdb43e0a6 2007.0/i586/libkrb53-1.4.3-7.4mdv2007.0.i586.rpm e50117c585a8560813bc93704562e726 2007.0/i586/libkrb53-devel-1.4.3-7.4mdv2007.0.i586.rpm 1f99498d879f9343510479f2791245ac 2007.0/i586/telnet-client-krb5-1.4.3-7.4mdv2007.0.i586.rpm 9ed009750d2bcf738ceefce2e4c69512 2007.0/i586/telnet-server-krb5-1.4.3-7.4mdv2007.0.i586.rpm 9e63ac2d698d562ead71d5dd8c7ae315 2007.0/SRPMS/krb5-1.4.3-7.4mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 029aad278f01c2baef9f93b86b0bc20d 2007.0/x86_64/ftp-client-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm dae016ff39d8e4d9f517b3197eefd926 2007.0/x86_64/ftp-server-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm 8b3fac7b20798715efdad0d0db6b4472 2007.0/x86_64/krb5-server-1.4.3-7.4mdv2007.0.x86_64.rpm 81f6c05a73c175b581790532aa8572f1 2007.0/x86_64/krb5-workstation-1.4.3-7.4mdv2007.0.x86_64.rpm 41e10d5f06e05ea4cf455a0c3420d09f 2007.0/x86_64/lib64krb53-1.4.3-7.4mdv2007.0.x86_64.rpm eeebf59564375187f01f628be3ac5132 2007.0/x86_64/lib64krb53-devel-1.4.3-7.4mdv2007.0.x86_64.rpm cff3b7303e5d157e4ef246867ba396e8 2007.0/x86_64/telnet-client-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm ee55c784f89a1190efb9ce619ba34227 2007.0/x86_64/telnet-server-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm 9e63ac2d698d562ead71d5dd8c7ae315 2007.0/SRPMS/krb5-1.4.3-7.4mdv2007.0.src.rpm
Corporate 4.0: d4dcc40949ba7e72823de561b2b5b050 corporate/4.0/i586/ftp-client-krb5-1.4.3-5.6.20060mlcs4.i586.rpm 5e8b8cf4c051f235f2b4a3cc2a8c967c corporate/4.0/i586/ftp-server-krb5-1.4.3-5.6.20060mlcs4.i586.rpm 3c5812da62cc9a0cea89306877386ef7 corporate/4.0/i586/krb5-server-1.4.3-5.6.20060mlcs4.i586.rpm 40b114f22d7109a125cdf5243160c5f1 corporate/4.0/i586/krb5-workstation-1.4.3-5.6.20060mlcs4.i586.rpm db7506751e5178556652b74d81b06c6d corporate/4.0/i586/libkrb53-1.4.3-5.6.20060mlcs4.i586.rpm 59ec6c3b207538656f2645eb3c0adf6a corporate/4.0/i586/libkrb53-devel-1.4.3-5.6.20060mlcs4.i586.rpm fe234b5f259def09b88fba24869eba83 corporate/4.0/i586/telnet-client-krb5-1.4.3-5.6.20060mlcs4.i586.rpm e2b51de61c9a91686e98a05ea98ec05f corporate/4.0/i586/telnet-server-krb5-1.4.3-5.6.20060mlcs4.i586.rpm 6a739594760cabeb536550168eefb333 corporate/4.0/SRPMS/krb5-1.4.3-5.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 0b23f077db4f274b061f34eb50f47634 corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm c70ca9de25fa8c9f7504f344b5be613a corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm ca075a30dfeb617f808d616bbf420c63 corporate/4.0/x86_64/krb5-server-1.4.3-5.6.20060mlcs4.x86_64.rpm 76ec4cd64c814c9cdf44e7c734f66cd9 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.6.20060mlcs4.x86_64.rpm 8eb62cc682d40a65a4b94aedb326cfc0 corporate/4.0/x86_64/lib64krb53-1.4.3-5.6.20060mlcs4.x86_64.rpm 538eb51b88db5d5a368bdbdf74607501 corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.6.20060mlcs4.x86_64.rpm c22a1ac95f1a15fb65ee0eec60472936 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm b64f38875ba0dbf2441b1fd78dbf585d corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm 6a739594760cabeb536550168eefb333 corporate/4.0/SRPMS/krb5-1.4.3-5.6.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFH4WLsmqjQ0CJFipgRAqPPAKDOpukZQTnwRrBaWSnGspor0gG/LwCg6fPB /jGRkhAI24wO20EBKKpdYF0= =Z6Kl -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
VMware Security Advisory
Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues Issue date: 2008-06-04 Updated on: 2008-06-04 (initial release of advisory) CVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097 CVE-2008-2100 CVE-2006-1721 CVE-2008-0553 CVE-2007-5378 CVE-2007-4772 CVE-2008-0888 CVE-2008-0062 CVE-2008-0063 CVE-2008-0948
- Summary:
Several critical security vulnerabilities have been addressed in patches in ESX and in the newest releases of VMware's hosted product line.
- Relevant releases:
VMware Workstation 6.0.3 and earlier, VMware Workstation 5.5.6 and earlier, VMware Player 2.0.3 and earlier, VMware Player 1.0.6 and earlier, VMware ACE 2.0.3 and earlier, VMware ACE 1.0.5 and earlier, VMware Server 1.0.5 and earlier, VMware Fusion 1.1.1 and earlier
VMware ESXi 3.5 without patches ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG
VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG, ESX350-200805501-BG, ESX350-200805504-SG, ESX350-200805506-SG, ESX350-200805505-SG, ESX350-200805507-SG
VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216, ESX-1004726, ESX-1004722, ESX-1004724, ESX-1004719, ESX-1004219
VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725, ESX-1004721, ESX-1004723, ESX-1004190, ESX-1004189
VMware ESX 2.5.5 without update patch 8 VMware ESX 2.5.4 without update patch 19
NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x will reach end of general support 2008-11-09. Customers should plan to upgrade to the latest version of their respective products.
ESX 3.0.1 is in Extended Support and its end of extended
support (Security and Bug fixes) is 2008-07-31. Users should plan
to upgrade to at least 3.0.2 update 1 and preferably the newest
release available before the end of extended support.
ESX 2.5.4 is in Extended Support and its end of extended support
(Security and Bug fixes) is 2008-10-08. Users should plan to upgrade
to at least 2.5.5 and preferably the newest release available before
the end of extended support.
- Problem description:
a. VMware Tools Local Privilege Escalation on Windows-based guest OS
The VMware Tools Package provides support required for shared folders
(HGFS) and other features.
An input validation error is present in the Windows-based VMware
HGFS.sys driver. Exploitation of this flaw might result in
arbitrary code execution on the guest system by an unprivileged
guest user. It doesn't matter on what host the Windows guest OS
is running, as this is a guest driver vulnerability and not a
vulnerability on the host.
The HGFS.sys driver is present in the guest operating system if the
VMware Tools package is loaded. Even if the host has HGFS disabled
and has no shared folders, Windows-based guests may be affected. This
is regardless if a host supports HGFS.
This issue could be mitigated by removing the VMware Tools package
from Windows based guests. However this is not recommended as it
would impact usability of the product.
NOTE: Installing the new hosted release or ESX patches will not
remediate the issue. The VMware Tools packages will need
to be updated on each Windows-based guest followed by a
reboot of the guest system.
VMware would like to thank iDefense and Stephen Fewer of Harmony
Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5671 to this issue.
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
Workstation 6.x Windows not affected
Workstation 6.x Linux not affected
Workstation 5.x Windows 5.5.6 build 80404 or later
Workstation 5.x Linux 5.5.6 build 80404 or later
Player 2.x Windows not affected
Player 2.x Linux not affected
Player 1.x Windows 1.0.6 build 80404 or later
Player 1.x Linux 1.0.6 build 80404 or later
ACE 2.x Windows not affected
ACE 1.x Windows 1.0.5 build 79846 or later
Server 1.x Windows 1.0.5 build 80187 or later
Server 1.x Linux 1.0.5 build 80187 or later
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.2 ESX ESX-1004727
ESX 3.0.1 ESX ESX-1004186
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later
b. Privilege escalation on ESX or Linux based hosted operating systems
This update fixes a security issue related to local exploitation of
an untrusted library path vulnerability in vmware-authd. In order to
exploit this vulnerability, an attacker must have local access and
the ability to execute the set-uid vmware-authd binary on an affected
system. Exploitation of this flaw might result in arbitrary code
execution on the Linux host system by an unprivileged user.
VMware would like to thank iDefense for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0967 to this issue.
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
Workstation 6.x Windows not affected
Workstation 6.x Linux 6.0.4 build 93057
Workstation 5.x Windows not affected
Workstation 5.x Linux 5.5.7 build 91707
Player 2.x Windows not affected
Player 2.x Linux 2.0.4 build 93057
Player 1.x Windows not affected
Player 1.x Linux 1.0.7 build 91707
ACE 2.x Windows not affected
ACE 1.x Windows not affected
Server 1.x Windows not affected
Server 1.x Linux 1.0.6 build 91891
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi ESXe350-200805501-I-SG
ESX 3.5 ESX ESX350-200805515-SG
ESX 3.0.2 ESX ESX-1004821
ESX 3.0.1 ESX ESX-1004728
ESX 2.5.5 ESX ESX 2.5.5 update patch 8
ESX 2.5.4 ESX ESX 2.5.4 update patch 19
c. Openwsman Invalid Content-Length Vulnerability
Openwsman is a system management platform that implements the Web
Services Management protocol (WS-Management). It is installed and
running by default. It is used in the VMware Management Service
Console and in ESXi.
The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable
to a privilege escalation vulnerability, which may allow users with
non-privileged ESX or Virtual Center accounts to gain root privileges.
To exploit this vulnerability, an attacker would need a local ESX
account or a VirtualCenter account with the Host.Cim.CimInteraction
permission.
Systems with no local ESX accounts and no VirtualCenter accounts with
the Host.Cim.CimInteraction permission are not vulnerable.
This vulnerability cannot be exploited by users without valid login
credentials.
Discovery: Alexander Sotirov, VMware Security Research
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2097 to this issue.
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
hosted any any not affected
ESXi 3.5 ESXi ESXe350-200805501-I-SG
ESX 3.5 ESX ESX350-200805508-SG
ESX 3.0.2 ESX not affected
ESX 3.0.1 ESX not affected
ESX 2.5.5 ESX not affected
ESX 2.5.4 ESX not affected
NOTE: VMware hosted products are not affected by this issue.
d. VMware VIX Application Programming Interface (API) Memory Overflow Vulnerabilities
The VIX API (also known as "Vix") is an API that lets users write scripts
and programs to manipulate virtual machines.
Multiple buffer overflow vulnerabilities are present in the VIX API.
Exploitation of these vulnerabilities might result in code execution on
the host system or on the service console in ESX Server from the guest
operating system.
The VIX API can be enabled and disabled using the "vix.inGuest.enable"
setting in the VMware configuration file. This default value for this
setting is "disabled". This configuration setting is present in the
following products:
VMware Workstation 6.0.2 and higher
VMware ACE 6.0.2 and higher
VMware Server 1.06 and higher
VMware Fusion 1.1.2 and higher
ESX Server 3.0 and higher
ESX Server 3.5 and higher
In previous versions of VMware products where the VIX API was introduced,
the VIX API couldn't be disabled.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2100 to this issue.
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
VIX API 1.1.x Windows VMware-vix-1.1.4-93057.exe
VIX API 1.1.x Linux VMware-vix-1.1.4-93057.i386.tar.gz
VIX API 1.1.x Linux64 VMware-vix-1.1.4-93057.x86_64.tar.gz
Workstation 6.x Windows 6.0.4 build 93057
Workstation 6.x Linux 6.0.4 build 93057
Workstation 5.x Windows 5.5.7 build 91707
Workstation 5.x Linux 5.5.7 build 91707
Player 2.x Windows 2.0.4 build 93057
Player 2.x Linux 2.0.4 build 93057
Player 1.x Windows 1.0.6 build 91707
Player 1.x Linux 1.0.6 build 91707
ACE 2.x Windows 2.0.4 build 93057
ACE 1.x Windows not affected
Server 1.x Windows 1.0.6 build 91891
Server 1.x Linux 1.0.6 build 91891
Fusion 1.x Mac OS/X 1.1.2 build 87978 or later
ESXi 3.5 ESXi ESXe350-200805501-I-SG,
ESXe350-200805502-T-SG
ESX 3.5 ESX ESX350-200805501-BG
ESX 3.0.2 ESX ESX-1004216, ESX-1004726, ESX-1004727
ESX 3.0.1 ESX ESX-1004186, ESX-1004725
ESX 2.5.5 ESX not affected
ESX 2.5.4 ESX not affected
II Service Console rpm updates
NOTE: ESXi and hosted products are not affected by any service console security updates
a. Security update for cyrus-sasl
Updated cyrus-sasl package for the ESX Service Console corrects a security
issue found in the DIGEST-MD5 authentication mechanism of Cyrus'
implementation of Simple Authentication and Security Layer (SASL). As a
result of this issue in the authentication mechanism, a remote
unauthenticated attacker might be able to cause a denial of service error
on the service console.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2006-1721 to this issue.
RPMs Updated:
cyrus-sasl-2.1.15-15.i386.rpm
cyrus-sasl-md5-2.1.15-1.i386.rpm
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX ESX350-200805504-SG
ESX 3.0.2 ESX ESX-1004722
ESX 3.0.1 ESX ESX-1004721
ESX 2.5.5 ESX not affected
ESX 2.5.4 ESX not affected
b. Security update for tcltk
An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0553 to this issue.
A buffer overflow flaw was discovered in Tk's animated GIF image handling.
An animated GIF containing an initial image smaller than subsequent images
could cause a crash or, potentially, execute code with the privileges of
the application using the Tk library.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-5378 to this issue.
A flaw first discovered in the Tcl regular expression engine used in the
PostgreSQL database server, resulted in an infinite loop when processing
certain regular expressions.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-4772 to this issue.
RPM Updated:
tcl-8.3.5-92.8.i386.rpm
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX ESX350-200805506-SG
ESX 3.0.2 ESX ESX-1004724
ESX 3.0.1 ESX ESX-1004723
ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8
ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19
c. Security update for unzip
This patch includes a moderate security update to the service console that
fixes a flaw in unzip.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0888 to this issue.
RPM Updated:
Unzip-5.50-36.EL3.i386.rpm
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX ESX350-200805505-SG
ESX 3.0.2 ESX ESX-1004719
ESX 3.0.1 ESX ESX-1004190
ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8
ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19
d.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0062 to this issue.
NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable
to this issue.
NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable
to this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-0948 to this issue.
RPM Updated:
krb5-libs-1.2.7-68.i386.rpm
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX ESX350-200805507-SG
ESX 3.0.2 ESX ESX-1004219
ESX 3.0.1 ESX ESX-1004189
ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8
ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19
- Solution:
Please review the release notes for your product and version and verify the md5sum of your downloaded file.
VMware Workstation 6.0.4
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Windows binary md5sum: f50a05831e94c19d98f363c752fca5f9
RPM Installation file for 32-bit Linux md5sum: e7793b14b995d3b505f093c84e849421
tar Installation file for 32-bit Linux md5sum: a0a8e1d8188f4be03357872a57a767ab
RPM Installation file for 64-bit Linux md5sum: 960d753038a268b8f101f4b853c0257e
tar Installation file for 64-bit Linux md5sum: 4697ec8a9d6c1152d785f3b77db9d539
VMware Workstation 5.5.7
http://www.vmware.com/download/ws/ws5.html Release notes: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary: md5sum: 4c6a6653b7296240197aac048591c659
Compressed Tar archive for 32-bit Linux md5sum: 8fc15d72031489cf5cd5d47b966787e6
Linux RPM version for 32-bit Linux md5sum: f0872fe447ac654a583af16b2f4bba3f
VMware Player 2.0.4 and 1.0.7
http://www.vmware.com/download/player/ Release notes Player 1.x: http://www.vmware.com/support/player/doc/releasenotes_player.html Release notes Player 2.0 http://www.vmware.com/support/player2/doc/releasenotes_player2.html
2.0.4 Windows binary md5sum: a117664a8bfa7336b846117e5fc048dd
VMware Player 2.0.4 for Linux (.rpm) md5sum: de6ab6364a0966b68eadda2003561cd2
VMware Player 2.0.4 for Linux (.tar) md5sum: 9e1c2bfda6b22a3fc195a86aec11903a
VMware Player 2.0.4 - 64-bit (.rpm) md5sum: 997e5ceffe72f9ce9146071144dacafa
VMware Player 2.0.4 - 64-bit (.tar) md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef
1.0.7 Windows binary md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c
Player 1.0.7 for Linux (.rpm) md5sum: 3b5f97a37df3b984297fa595a5cdba9c
Player 1.0.7 for Linux (.tar) md5sum: b755739144944071492a16fa20f86a51
VMware ACE
http://www.vmware.com/download/ace/ Release notes 2.0: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
VMware-workstation-6.0.4-93057.exe md5sum: f50a05831e94c19d98f363c752fca5f9
VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip md5sum: d2ae2246f3d87268cf84c1421d94e86c
VMware-ACE-Management-Server-2.0.4-93057.exe md5sum: 41b31b3392d5da2cef77a7bb28654dbf
VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm md5sum: 9920be4c33773df53a1728b41af4b109
VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm md5sum: 4ec4c37203db863e8844460b5e80920b
Release notes 1.x: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
VMware-ACE-1.0.6-89199.exe md5sum: 110f6e24842a0d154d9ec55ef9225f4f
VMware Server 1.0.6
http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server/doc/releasenotes_server.html
VMware Server for Windows 32-bit and 64-bit md5sum: 3e00d5cfae123d875e4298bddabf12f5
VMware Server Windows client package md5sum: 64f3fc1b4520626ae465237d7ec4773e
VMware Server for Linux md5sum: 46ea876bfb018edb6602a921f6597245
VMware Server for Linux rpm md5sum: 9d2f0af908aba443ef80bec8f7ef3485
Management Interface md5sum: 1b3daabbbb49a036fe49f53f812ef64b
VMware Server Linux client package md5sum: 185e5b174659f366fcb38b1c4ad8d3c6
VMware Fusion 1.1.3
http://www.vmware.com/download/fusion/ Release notes: http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html md5sum: D15A3DFD3E7B11FC37AC684586086D
VMware VIX 1.1.4
http://www.vmware.com/support/developer/vix-api/ Release notes: http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html VMware-vix-1.1.4-93057.exe md5sum: 2efb74618c7ead627ecb3b3033e3f9f6
VMware-vix-1.1.4-93057.i386.tar.gz md5sum: 988df2b2bbc975a6fc11f27ad1519832
VMware-vix-1.1.4-93057.x86_64.tar.gz md5sum: a64f951c6fb5b2795a29a5a7607059c0
ESXi
VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX) http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip md5sum: 4ce06985d520e94243db1e0504a56d8c http://kb.vmware.com/kb/1005073 http://kb.vmware.com/kb/1004173 http://kb.vmware.com/kb/1004172
NOTE: ESXe350-200805501-O-SG contains the following patch bundles: ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG
ESX
VMware ESX 3.5 patch ESX350-200805515-SG (authd) http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip md5sum: 324b50ade230bcd5079a76e3636163c5 http://kb.vmware.com/kb/1004170
VMware ESX 3.5 patch ESX350-200805508-SG (openwsman) http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12 http://kb.vmware.com/kb/1004644
VMware ESX 3.5 patch ESX350-200805501-BG (VIX) http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip md5sum: 31a620aa249c593c30015b5b6f8c8650 http://kb.vmware.com/kb/1004637
VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl) http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip md5sum: 4c1b1a8dcb09a636b55c64c290f7de51 http://kb.vmware.com/kb/1004640
VMware ESX 3.5 patch ESX350-200805506-SG (tcltk) http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip md5sum: af279eef8fdeddb7808630da1ae717b1 http://kb.vmware.com/kb/1004642
VMware ESX 3.5 patch ESX350-200805505-SG (unzip) http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6 http://kb.vmware.com/kb/1004641
VMware ESX 3.5 patch ESX350-200805507-SG (krb5) http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip md5sum: 5d35a1c470daf13c9f4df5bdc9438748 http://kb.vmware.com/kb/1004643
VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004727.tgz md5sum: 31a67b0fa3449747887945f8d370f19e http://kb.vmware.com/kb/1004727
VMware ESX 3.0.2 patch ESX-1004821 (authd) http://download3.vmware.com/software/vi/ESX-1004821.tgz md5sum: 5c147bedd07245c903d44257522aeba1 http://kb.vmware.com/kb/1004821
VMware ESX 3.0.2 patch ESX-1004216 (VIX) http://download3.vmware.com/software/vi/ESX-1004216.tgz md5sum: 0784ef70420d28a9a5d6113769f6669a http://kb.vmware.com/kb/1004216
VMware ESX 3.0.2 patch ESX-1004726 (VIX) http://download3.vmware.com/software/vi/ESX-1004726.tgz md5sum: 44f03b274867b534cd274ccdf4630b86 http://kb.vmware.com/kb/1004726
VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004722.tgz md5sum: 99dc71aed5bab7711f573b6d322123d6 http://kb.vmware.com/kb/1004722
VMware ESX 3.0.2 patch ESX-1004724 (tcltk) http://download3.vmware.com/software/vi/ESX-1004724.tgz md5sum: fd9a160ca7baa5fc443f2adc8120ecf7 http://kb.vmware.com/kb/1004724
VMware ESX 3.0.2 patch ESX-1004719 (unzip) http://download3.vmware.com/software/vi/ESX-1004719.tgz md5sum: f0c37b9f6be3399536d60f6c6944de82 http://kb.vmware.com/kb/1004719
VMware ESX 3.0.2 patch ESX-1004219 (krb5) http://download3.vmware.com/software/vi/ESX-1004219.tgz md5sum: 7c68279762f407a7a5ee151a650ebfd4 http://kb.vmware.com/kb/1004219
VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004186.tgz md5sum: f64389a8b97718eccefadce1a14d1198 http://kb.vmware.com/kb/1004186
VMware ESX 3.0.1 patch ESX-1004728 (authd) http://download3.vmware.com/software/vi/ESX-1004728.tgz md5sum: 1f01bb819805b855ffa2ec1040eff5ca http://kb.vmware.com/kb/1004728
VMware ESX 3.0.1 patch ESX-1004725 (VIX) http://download3.vmware.com/software/vi/ESX-1004725.tgz md5sum: 9fafb04c6d3f6959e623832f539d2dc8 http://kb.vmware.com/kb/1004725
VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004721.tgz md5sum: 48190819b0f5afddefcb8d209d12b585 http://kb.vmware.com/kb/1004721
VMware ESX 3.0.1 patch ESX-1004723 (tcltk) http://download3.vmware.com/software/vi/ESX-1004723.tgz md5sum: c34ca0a5886e0c0917a93a97c331fd7d http://kb.vmware.com/kb/1004723
VMware ESX 3.0.1 patch ESX-1004190 (unzip) http://download3.vmware.com/software/vi/ESX-1004190.tgz md5sum: 05187b9f534048c79c62741367cc0dd2 http://kb.vmware.com/kb/1004190
VMware ESX 3.0.1 patch ESX-1004189 (krb5) http://download3.vmware.com/software/vi/ESX-1004189.tgz md5sum: 21b620530b99009f469c872e73a439e8 http://kb.vmware.com/kb/1004189
VMware ESX 2.5.5 Upgrade Patch 8 http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e http://vmware.com/support/esx25/doc/esx-255-200805-patch.html
VMware ESX 2.5.4 Upgrade Patch 19 http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz md5sum: 442788fd0bccb0d994c75b268bd12760 http://vmware.com/support/esx25/doc/esx-254-200805-patch.html
- References:
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948
- Change log:
2008-06-04 VMSA-2008-0009 Initial release
- Contact:
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce@lists.vmware.com
- bugtraq@securityfocus.com
- full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIRs08S2KysvBH1xkRCMxFAJ0WJX76quFzCV+avwupq3Lu72UKigCfRftj CZvxoXw/sZxDCSDjVzYAhrA= =s04s -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-31
http://security.gentoo.org/
Severity: High Title: MIT Kerberos 5: Multiple vulnerabilities Date: March 24, 2008 Bugs: #199205, #212363 ID: 200803-31
Synopsis
Multiple vulnerabilites have been found in MIT Kerberos 5, which could allow a remote unauthenticated user to execute arbitrary code with root privileges.
Background
MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center.
-
Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947).
-
Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971). These bugs can only be triggered when Kerberos 4 support is enabled.
The RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process.
Workaround
Kerberos 4 support can be disabled via disabling the "krb4" USE flag and recompiling the ebuild, or setting "v4_mode=none" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities.
Resolution
All MIT Kerberos 5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1"
References
[ 1 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 3 ] CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 [ 4 ] CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 [ 5 ] CVE-2008-0947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-31.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.04"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "7"
},
{
"_id": null,
"model": "kerberos 5",
"scope": "lte",
"trust": 1.0,
"vendor": "mit",
"version": "1.6.3"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "8"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.10"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mit kerberos team",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": "apple mac os x server",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"_id": null,
"model": "red hat linux advanced workstation",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"_id": null,
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "5 (client)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"_id": null,
"model": "red hat enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"_id": null,
"model": "kerberos",
"scope": null,
"trust": 0.8,
"vendor": "mit kerberos",
"version": null
},
{
"_id": null,
"model": "asianux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.2"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.2"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.56"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.54"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.52"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.5"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.45"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.43"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.417"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.416"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.415"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.413"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.410"
},
{
"_id": null,
"model": "esx server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.41"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.4"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "linux advanced workstation for the ita ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.12.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux es 4.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux as 4.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "open enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "0"
},
{
"_id": null,
"model": "open enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "2"
},
{
"_id": null,
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.6.3"
},
{
"_id": null,
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.6.2"
},
{
"_id": null,
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.5.2"
},
{
"_id": null,
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.4.3"
},
{
"_id": null,
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.3"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "kerberos for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.1"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "esx server patch",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.58"
},
{
"_id": null,
"model": "esx server patch",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.419"
},
{
"_id": null,
"model": "kerberos for openvms",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#895609"
},
{
"db": "BID",
"id": "28303"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-309"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186"
},
{
"db": "NVD",
"id": "CVE-2008-0062"
}
]
},
"credits": {
"_id": null,
"data": "Ken Raeburn",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-309"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0062",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-0062",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-30187",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2008-0062",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2008-0062",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0062",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#895609",
"trust": 0.8,
"value": "10.10"
},
{
"author": "NVD",
"id": "CVE-2008-0062",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-309",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-30187",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#895609"
},
{
"db": "VULHUB",
"id": "VHN-30187"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-309"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186"
},
{
"db": "NVD",
"id": "CVE-2008-0062"
}
]
},
"description": {
"_id": null,
"data": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption. \nThese issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages. \nAn attacker can exploit these issues to obtain potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Given the nature of these vulnerabilities, the attacker could leverage these issues to execute arbitrary code, but this has not been confirmed. \nMIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. If the KDC receives a malformed Kerberos 4 message, and there was no previous Kerberos 4 communication, a null pointer dereference will be triggered, causing the KDC to crash. If there is valid Kerberos 4 communication, messages sent to the client are locked using a null pointer; the pointer may resend a previously generated response, send some arbitrary block of process memory (which may contain key data), or due to an attempt to Accessing an invalid address crashes the process. If the process does not crash, a random address is passed to free(), which may corrupt the release pool, causing a crash, data corruption, or a jump to an arbitrary address in process memory. =========================================================== \nUbuntu Security Notice USN-587-1 March 19, 2008\nkrb5 vulnerabilities\nCVE-2008-0062, CVE-2008-0063, CVE-2008-0947\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libkadm55 1.4.3-5ubuntu0.7\n libkrb53 1.4.3-5ubuntu0.7\n\nUbuntu 6.10:\n libkadm55 1.4.3-9ubuntu1.6\n libkrb53 1.4.3-9ubuntu1.6\n\nUbuntu 7.04:\n libkadm55 1.4.4-5ubuntu3.4\n libkrb53 1.4.4-5ubuntu3.4\n\nUbuntu 7.10:\n libkadm55 1.6.dfsg.1-7ubuntu0.1\n libkrb53 1.6.dfsg.1-7ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that krb5 did not correctly handle certain krb4\nrequests. (CVE-2008-0947)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.diff.gz\n Size/MD5: 1460317 0090e30287f3448ed9babac78c39d5ca\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.dsc\n Size/MD5: 848 237125b6b35a1a059e5573d10fd7c18e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz\n Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.7_all.deb\n Size/MD5: 853222 dfd657a08b13ce0f3916e49ab8e3ce28\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 190904 e9e05267f551177f3c7cae46fdda9565\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 768706 79270ab27ac164fc4c76822e1dc0be2c\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 425714 d8467d288bf46cdfa35ba74e6aa0ff02\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 80378 b2d795bc82f8f962ceff0afdd11060da\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 223230 73161771034af58dc6d0cd0c4be72fa8\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 60376 f0712ab86caf1d9d9e52ff3750afeddd\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 135158 34b51b738a69c2aeb9df20e0af93e9bc\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 85274 265b8ad9968001e5c984743650d635ac\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 67600 bd5c7020310f1bd70f8dc98864c2961c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_amd64.deb\n Size/MD5: 129906 0f0383de4d51d8581a260021c3332f72\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 165730 8128a78d17cd98c4ccfa086b390af167\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 647222 96672590753337d39b1aadc24dac0531\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 381120 af9c45400c55b68778f3b769c238548d\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 72298 754b91046e7e47bb0f2aa58cd2ca3797\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 187240 d7e5a8b1a077776309282bc328aab885\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 54326 1137dd0e4209cf7edb38ff327feb342d\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 121564 9e36fe3a9567176b2e224a45e55017a0\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 75920 cd8854a9ae911eaa1c82eaa945b3d175\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 58720 eaf05e05f40183c066e294bec431bc61\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_i386.deb\n Size/MD5: 119078 67a73b248bf33afee23ffb885f5d2e18\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 177716 b834ad9d37a2e3dfa44d086c6dcbfbc9\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 752002 22dd063609b942c4996c56a3f74b266c\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 395914 b4fde9f81a08aa112f48b38f1d7faf9c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 80530 7e55073ee6b67ba12f0ed48d0137e73c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 220582 482d21e5007a1876bf6af64e434b4942\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 59574 4f47514f7992a292c162f40f8a174ee6\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 135962 0e23ea255a84c3a580e0d7e6b0da9546\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 85120 e07cf29268ba053833122cca9ed79d8d\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 65990 3c4f25017e0760f4dd10404e604087a8\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_powerpc.deb\n Size/MD5: 134952 7096226ce8ce15dd20c6ed933888d56e\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 165278 5c8580725c8a200f24173d38dfce388e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 678538 4002d8655a43f5784d5e9c95bc5b4f76\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 368726 5ee45e24f0ac54d79a55c20674b2887f\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 73042 672530bb7218c04a67e23d1053757050\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 197404 ea257178102f6b7732ef12538ead3e24\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 56304 855c59021874c714bd4e2605de10d5a6\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 124374 7d8f7f84b2c1648b63129ba342389d75\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 76922 142ed0e2c119d596c5437ac8f9042064\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 62350 db681a03624a21a34425fea9f6fa9ade\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_sparc.deb\n Size/MD5: 120620 ebe2ddf8dc131cf6e3322e1cb125f2f3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.diff.gz\n Size/MD5: 1481707 dc6dd5cd6d4a125e2fa70b9ebc3f8b12\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.dsc\n Size/MD5: 883 8fdcf0af1cc631c882a44ae0214e0b6f\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz\n Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-9ubuntu1.6_all.deb\n Size/MD5: 853934 f3a7a044bedb974b32a46708774ec894\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 190826 7772b734a889ea97cf052de39072cead\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 1073390 bedf0987fe159bc38c30663ad966d0ac\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 772708 5cc8e489a0f6fcca17c3e0d8b9588879\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 428050 11b4c2211b18453bd2a662a297569f49\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 81790 06f349106755cc19cfb3f29fcc7228f8\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 224408 59491e595a544a84463a6deec8305f66\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 61620 f58dcb4c09e4c96f3db5bfc8172fdffa\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 139116 31943a9766f657fd47ac1aded48d49d6\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 87426 1033408d2692b38926947f8ae85e1515\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 68116 291db335b868748c933a7c67e6add6a7\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_amd64.deb\n Size/MD5: 130628 a2cb3cd3ee9ede8c3c10e695fd8148af\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 173062 e15aa9368fc4e4ef4562a23cc1780484\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 1024998 798f81a00c59842cbc2c8ea8cd4b9a5e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 673152 671e72c1eb7645dfda924c77949610dd\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 404172 445f952e23f810f6de10773a01fd68ae\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 75380 0b3cd4b087f56ebdd527d61194cf7fc0\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 196506 bff3435e0da9aecff7a26d73e712937f\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 57136 3fafa3cd2cd2792e740c4d6976a881de\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 129352 7e190df154981717bf711697c5042cd4\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 80102 94a76cc7807e9d6598b4a452a7fbb738\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 61928 b7fdd344e683ce45be88f8fa43290175\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_i386.deb\n Size/MD5: 122208 eb1ec6653d6d790e23dbcc14cd98f5f7\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 180126 f8e5d077ee06234bbb9881beb9d49f36\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 1076974 4752e5e87fdcd67fcb0f1ee2c35ddf80\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 758400 73ed6c35fbdcf1866a65a6198df8ca82\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 399112 1fdd3a0a2a45bd410a1f4e72713a0e1e\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 82420 446cda40d1590c088e2fc83118a58e13\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 223182 8e6f5f3062fe3cfb113db73bc8a1a89e\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 61826 b4ad931a1a1d48b668a972893502cd67\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 141210 8892626a667e0010a0cba8fe19df958f\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 87318 c7306114bbb195c221962abc469a1d42\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 67222 b99ea3def960bdc849376c508e263f0d\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_powerpc.deb\n Size/MD5: 136888 1c651e27011fa9c25ea87960b40ffe1b\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 167176 0f2f57754f3e012257a6fef890a23767\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 957816 2ef6010c70801e7b0dd5e633a08e3fac\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 685238 a68016ffc9abcd0eab3f7f1ae323e83e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 374074 d5ff62adb392f5be8b29c2e1056f6f92\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 75210 9611a07b489b518605a9550b27b3dd7c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 203684 89d989c5db437eba6e9e56fc9bf7dc93\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 58980 b9d7f11d5c491595c90006ae7c039935\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 129664 acf15ad70331066092154952cbd7754a\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 80428 8409c34ee32612d48e8936618118bab7\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 63612 64b2987c2aee57159bc092c5fe37a25b\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_sparc.deb\n Size/MD5: 122730 95db549e03f3bc30995d566f8ea7edac\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.diff.gz\n Size/MD5: 1589880 e20eef948656a29a255b557af6e7817b\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.dsc\n Size/MD5: 968 971223b33ae8631f013c20a3c8867805\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4.orig.tar.gz\n Size/MD5: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.4-5ubuntu3.4_all.deb\n Size/MD5: 1806176 c34d13b6877a21c426a85719a6ecf6a0\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 194368 2b6345b614c38e353a3ec4abd2957e6d\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 1076886 d4e2d9d77afd78df99d96a6541730527\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 772608 c3f93d5b94e84df6faac86b701f9836c\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 436580 f7e6430bf6f628592596b44e7341af30\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 83772 ad232225b5bbc88f1e0f5bd55916de24\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 226770 34e47342c392be9006254e15fc0258e3\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 62258 c71fecc4d7bd6e3191c08a19cbf07aa5\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 141840 33ec180078e9b8e1f80fca5f26c1d558\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 88380 64572d633f1a84999b2205bd6958206c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 68890 dcabc2bcaac75b7e226c9090a82207a0\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_amd64.deb\n Size/MD5: 132614 f129069e4dd68ccf7801c717603713ef\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 176870 9e0e200bdff3119ef8488f9a5bf62e7c\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 1031008 8a80209f195b2eb787236e0dcd8aaa23\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 672020 7b5b4e1643b5802b2bbfab006d0e6d7a\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 412036 213c308bef9eaa6762ab755da6e7442a\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 77328 295e5ed2c0c2366fc6b3d343607ae431\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 199040 1b0a50f1bf8e421d9838acea254c6c26\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 57780 96ae66401532d513b4333c3429f6e2eb\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 131900 fc29493488e6311a94cfa5ec2c5ac7a8\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 81008 0c2bd14ee6534cad097d5d80200cc94a\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 62650 8d1f1316f52fe066626f0fde07f8b990\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_i386.deb\n Size/MD5: 124088 de985ccf04486e2043c2324affbb18af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 194590 f63db5ccc5825220d5014b1d7eda0ebe\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 1082008 3501eca4bc0d14b39fbc662ee20ab7cb\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 757006 169816425e730c69266d39518fb718f8\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 429982 24a79674c75e6f9731d34468ad86e27c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 90254 936f19b572498c2de200fd3e323657de\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 240274 eb844e20839937a3ccad330429ba1840\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 65452 dffc482a088d83a0100e78e69f332bb8\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 153794 308fc25b452cb374f7b45a472784761b\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 96692 9566a692d6f8a6d47e9f60e25d13927d\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 70680 4949b60728fc08134113f744738a293c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_powerpc.deb\n Size/MD5: 150262 dbf317c0added0c3faae6710b8026fc8\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 170940 967a1344994914065dc904da571a2aef\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 965784 bd503df54b8c9afcb4e5a6a375ce7fa8\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 683396 939cb2731116dc8718ea4ebc996b5c7e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 380910 5b46d8169ecc2409caad5dd4feacdc2b\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 79084 e3da961bcea67ff2c217008d141075cf\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 210904 688aeb4162f4dcf86768ddd299cf6625\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 60996 e20fcf5e2b4bab548fe8e0836aff86eb\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 135846 55612458a19bd82331991bbb672f74e9\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 84546 f1fc527ed376549516113ae94ca7d0fb\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 65282 7726043628cc103faccb839be0def042\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_sparc.deb\n Size/MD5: 127130 edddba0066c5bab862847c750a231a51\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.diff.gz\n Size/MD5: 1674637 40fa0c4bdf307c7e5d9509be9870434e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.dsc\n Size/MD5: 1044 2c6766c8721cf2e3caa259cdb5badf10\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1.orig.tar.gz\n Size/MD5: 14474321 8f8d6a494380f01a7a0a9236162afa52\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.1-7ubuntu0.1_all.deb\n Size/MD5: 2076606 1c021446b5f479717a4998df0f87f205\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 165034 78f040deebe1683f8966347e9896fce8\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 1308970 04db0004a99e7e0d01b37d922f47df1e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 88606 6509d222135bfaa05ebf79db1f63c2a7\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 493016 54a329e5f8464d5f519ac225f4d5d778\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 87824 cac8d5d1297bb71c52a877cf0b85c393\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 228534 d6c15467cf49d74831ac0ea494eec6f9\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 65864 563aaa90bffe6ff07ff8db56cff826f8\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 185182 e1f4910f7b6fca6655696a0bb7169d7b\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 91334 c1c20f704f98f19212cfa70ac9edf193\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 72950 de7748ddb5f7cd3f0744eb77770fa3e0\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_amd64.deb\n Size/MD5: 137592 99c3b6d671ae7f0439f379d5b2688659\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 148364 a3e27e81c7e81f627d05c708faae402d\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 1266912 2696e89ea8cf6e857e36ee740fb65ea0\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 88624 9970f2076c76427dd0cbf217b6a6bba0\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 462068 bd3623332d7737858d0fe5918ef8838d\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 81192 d4a4e0e7358f626abc0dbb81575071f6\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 199624 5a24164123aaea818f2d40c41186fdf7\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 61098 8cc21c42ff5dd534f7158c4c750a498e\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 172178 319f2ba5ea41bb97a125049f17154ac4\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 83634 049a305ea62a45ec23b65dbcd04e85fb\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 66538 a0c51897ca2c55ee7ec2447465121f5e\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_i386.deb\n Size/MD5: 128624 df48b843cf7ab20fc4696d36bba2fe6e\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 162676 0c11613a3d49190eb92074c27833f4c6\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 1320150 c2a537a9acf0ebf7b08764506136d37e\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 88634 eedc4522ba18dfed6fd2483cf8dd0379\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 482868 4d015493346726e61cd0cf9525e2b1e5\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 94492 50526cbb8952316a7b9195edcf148fd3\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 241802 99608692096cfa0e88372013a1b41517\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 68960 fc1d60376ba03106488b098f4b5ea624\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 198522 24b5f7bb74e3d978888dd1cdd065f881\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 99412 ca441f559a1e11b55c3ef52c54ede8ca\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 74666 0657bf76d80f969330c5391d65291baa\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_powerpc.deb\n Size/MD5: 155750 967a3ce3bc4fe5383a2a4f6a54ac686a\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 145672 b78635a0dbdb4d4d76c7e6d7ee4cb2fa\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 1200060 c280c5257a62a657ba79ac09ed62e4ff\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 88620 9b75ff80509a5b3435f7d6f30b19ac9b\n http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 431168 3c7606d6ced441110ab47b16de3542fc\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 83030 cc47e0b9c435c5802a2352cb203c435c\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 211104 bed40b53469b42c5a65a1f0640ae4d2f\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 64404 13877024ad747d0ce0a696210217f170\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 172948 8fd8903c9b1caa12ebe73c7c6f86de98\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 87474 c3f94c62f987a7a6d50f9d5344e59cff\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 69196 97040973c460c004ee83b7ba19ddfc88\n http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_sparc.deb\n Size/MD5: 131692 c12abe7485457bcd0ebe5cf3ecfcc850\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory MDVSA-2008:070\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : krb5\n Date : March 19, 2008\n Affected: 2007.0, Corporate 4.0\n _______________________________________________________________________\n \n Problem Description:\n \n A memory management flaw was found in the GSSAPI library used by\n Kerberos that could result in an attempt to free already freed memory,\n possibly leading to a crash or allowing the execution of arbitrary code\n (CVE-2007-5971). \n \n A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\n protocol packets. \n \n This issue only affects krb5kdc when it has Kerberos v4 protocol\n compatibility enabled, which is a compiled-in default in all\n Kerberos versions that Mandriva Linux ships prior to Mandriva\n Linux 2008.0. \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n ef17fea5e296992fb34b0d00540b4190 2007.0/i586/ftp-client-krb5-1.4.3-7.4mdv2007.0.i586.rpm\n dbc47795968f03dff7eb50ff34a63b8d 2007.0/i586/ftp-server-krb5-1.4.3-7.4mdv2007.0.i586.rpm\n 36f5b4160b9dc7d4393b8bc5f4f0b6fb 2007.0/i586/krb5-server-1.4.3-7.4mdv2007.0.i586.rpm\n f76121f223836939aef1f77164a7224d 2007.0/i586/krb5-workstation-1.4.3-7.4mdv2007.0.i586.rpm\n 65c052a4916406626b3289abdb43e0a6 2007.0/i586/libkrb53-1.4.3-7.4mdv2007.0.i586.rpm\n e50117c585a8560813bc93704562e726 2007.0/i586/libkrb53-devel-1.4.3-7.4mdv2007.0.i586.rpm\n 1f99498d879f9343510479f2791245ac 2007.0/i586/telnet-client-krb5-1.4.3-7.4mdv2007.0.i586.rpm\n 9ed009750d2bcf738ceefce2e4c69512 2007.0/i586/telnet-server-krb5-1.4.3-7.4mdv2007.0.i586.rpm \n 9e63ac2d698d562ead71d5dd8c7ae315 2007.0/SRPMS/krb5-1.4.3-7.4mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 029aad278f01c2baef9f93b86b0bc20d 2007.0/x86_64/ftp-client-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm\n dae016ff39d8e4d9f517b3197eefd926 2007.0/x86_64/ftp-server-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm\n 8b3fac7b20798715efdad0d0db6b4472 2007.0/x86_64/krb5-server-1.4.3-7.4mdv2007.0.x86_64.rpm\n 81f6c05a73c175b581790532aa8572f1 2007.0/x86_64/krb5-workstation-1.4.3-7.4mdv2007.0.x86_64.rpm\n 41e10d5f06e05ea4cf455a0c3420d09f 2007.0/x86_64/lib64krb53-1.4.3-7.4mdv2007.0.x86_64.rpm\n eeebf59564375187f01f628be3ac5132 2007.0/x86_64/lib64krb53-devel-1.4.3-7.4mdv2007.0.x86_64.rpm\n cff3b7303e5d157e4ef246867ba396e8 2007.0/x86_64/telnet-client-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm\n ee55c784f89a1190efb9ce619ba34227 2007.0/x86_64/telnet-server-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm \n 9e63ac2d698d562ead71d5dd8c7ae315 2007.0/SRPMS/krb5-1.4.3-7.4mdv2007.0.src.rpm\n\n Corporate 4.0:\n d4dcc40949ba7e72823de561b2b5b050 corporate/4.0/i586/ftp-client-krb5-1.4.3-5.6.20060mlcs4.i586.rpm\n 5e8b8cf4c051f235f2b4a3cc2a8c967c corporate/4.0/i586/ftp-server-krb5-1.4.3-5.6.20060mlcs4.i586.rpm\n 3c5812da62cc9a0cea89306877386ef7 corporate/4.0/i586/krb5-server-1.4.3-5.6.20060mlcs4.i586.rpm\n 40b114f22d7109a125cdf5243160c5f1 corporate/4.0/i586/krb5-workstation-1.4.3-5.6.20060mlcs4.i586.rpm\n db7506751e5178556652b74d81b06c6d corporate/4.0/i586/libkrb53-1.4.3-5.6.20060mlcs4.i586.rpm\n 59ec6c3b207538656f2645eb3c0adf6a corporate/4.0/i586/libkrb53-devel-1.4.3-5.6.20060mlcs4.i586.rpm\n fe234b5f259def09b88fba24869eba83 corporate/4.0/i586/telnet-client-krb5-1.4.3-5.6.20060mlcs4.i586.rpm\n e2b51de61c9a91686e98a05ea98ec05f corporate/4.0/i586/telnet-server-krb5-1.4.3-5.6.20060mlcs4.i586.rpm \n 6a739594760cabeb536550168eefb333 corporate/4.0/SRPMS/krb5-1.4.3-5.6.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 0b23f077db4f274b061f34eb50f47634 corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm\n c70ca9de25fa8c9f7504f344b5be613a corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm\n ca075a30dfeb617f808d616bbf420c63 corporate/4.0/x86_64/krb5-server-1.4.3-5.6.20060mlcs4.x86_64.rpm\n 76ec4cd64c814c9cdf44e7c734f66cd9 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.6.20060mlcs4.x86_64.rpm\n 8eb62cc682d40a65a4b94aedb326cfc0 corporate/4.0/x86_64/lib64krb53-1.4.3-5.6.20060mlcs4.x86_64.rpm\n 538eb51b88db5d5a368bdbdf74607501 corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.6.20060mlcs4.x86_64.rpm\n c22a1ac95f1a15fb65ee0eec60472936 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm\n b64f38875ba0dbf2441b1fd78dbf585d corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm \n 6a739594760cabeb536550168eefb333 corporate/4.0/SRPMS/krb5-1.4.3-5.6.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.8 (GNU/Linux)\n\niD8DBQFH4WLsmqjQ0CJFipgRAqPPAKDOpukZQTnwRrBaWSnGspor0gG/LwCg6fPB\n/jGRkhAI24wO20EBKKpdYF0=\n=Z6Kl\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2008-0009\nSynopsis: Updates to VMware Workstation, VMware Player,\n VMware ACE, VMware Fusion, VMware Server, VMware\n VIX API, VMware ESX, VMware ESXi resolve critical\n security issues\nIssue date: 2008-06-04\nUpdated on: 2008-06-04 (initial release of advisory)\nCVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097\n CVE-2008-2100 CVE-2006-1721 CVE-2008-0553\n CVE-2007-5378 CVE-2007-4772 CVE-2008-0888\n CVE-2008-0062 CVE-2008-0063 CVE-2008-0948\n- -------------------------------------------------------------------\n\n1. Summary:\n\n Several critical security vulnerabilities have been addressed\n in patches in ESX and in the newest releases of VMware\u0027s hosted\n product line. \n\n2. Relevant releases:\n\n VMware Workstation 6.0.3 and earlier,\n VMware Workstation 5.5.6 and earlier,\n VMware Player 2.0.3 and earlier,\n VMware Player 1.0.6 and earlier,\n VMware ACE 2.0.3 and earlier,\n VMware ACE 1.0.5 and earlier,\n VMware Server 1.0.5 and earlier,\n VMware Fusion 1.1.1 and earlier\n\n VMware ESXi 3.5 without patches ESXe350-200805501-I-SG,\n ESXe350-200805502-T-SG,\n ESXe350-200805503-C-SG\n\n VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG,\n ESX350-200805501-BG, ESX350-200805504-SG,\n ESX350-200805506-SG, ESX350-200805505-SG,\n ESX350-200805507-SG\n\n VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216,\n ESX-1004726, ESX-1004722, ESX-1004724,\n ESX-1004719, ESX-1004219\n\n VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725,\n ESX-1004721, ESX-1004723, ESX-1004190,\n ESX-1004189\n\n VMware ESX 2.5.5 without update patch 8\n VMware ESX 2.5.4 without update patch 19\n\nNOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x,\n and VMware ACE 1.x will reach end of general support\n 2008-11-09. Customers should plan to upgrade to the latest\n version of their respective products. \n\n ESX 3.0.1 is in Extended Support and its end of extended\n support (Security and Bug fixes) is 2008-07-31. Users should plan\n to upgrade to at least 3.0.2 update 1 and preferably the newest\n release available before the end of extended support. \n\n ESX 2.5.4 is in Extended Support and its end of extended support\n (Security and Bug fixes) is 2008-10-08. Users should plan to upgrade\n to at least 2.5.5 and preferably the newest release available before\n the end of extended support. \n\n3. Problem description:\n\n a. VMware Tools Local Privilege Escalation on Windows-based guest OS\n\n The VMware Tools Package provides support required for shared folders\n (HGFS) and other features. \n\n An input validation error is present in the Windows-based VMware\n HGFS.sys driver. Exploitation of this flaw might result in\n arbitrary code execution on the guest system by an unprivileged\n guest user. It doesn\u0027t matter on what host the Windows guest OS\n is running, as this is a guest driver vulnerability and not a\n vulnerability on the host. \n\n The HGFS.sys driver is present in the guest operating system if the\n VMware Tools package is loaded. Even if the host has HGFS disabled\n and has no shared folders, Windows-based guests may be affected. This\n is regardless if a host supports HGFS. \n\n This issue could be mitigated by removing the VMware Tools package\n from Windows based guests. However this is not recommended as it\n would impact usability of the product. \n\n NOTE: Installing the new hosted release or ESX patches will not\n remediate the issue. The VMware Tools packages will need\n to be updated on each Windows-based guest followed by a\n reboot of the guest system. \n\n VMware would like to thank iDefense and Stephen Fewer of Harmony\n Security for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-5671 to this issue. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n Workstation 6.x Windows not affected\n Workstation 6.x Linux not affected\n Workstation 5.x Windows 5.5.6 build 80404 or later\n Workstation 5.x Linux 5.5.6 build 80404 or later\n\n Player 2.x Windows not affected\n Player 2.x Linux not affected\n Player 1.x Windows 1.0.6 build 80404 or later\n Player 1.x Linux 1.0.6 build 80404 or later\n\n ACE 2.x Windows not affected\n ACE 1.x Windows 1.0.5 build 79846 or later\n\n Server 1.x Windows 1.0.5 build 80187 or later\n Server 1.x Linux 1.0.5 build 80187 or later\n\n Fusion 1.x Mac OS/X not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX not affected\n ESX 3.0.2 ESX ESX-1004727\n ESX 3.0.1 ESX ESX-1004186\n ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later\n ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later\n\n\n b. Privilege escalation on ESX or Linux based hosted operating systems\n\n This update fixes a security issue related to local exploitation of\n an untrusted library path vulnerability in vmware-authd. In order to\n exploit this vulnerability, an attacker must have local access and\n the ability to execute the set-uid vmware-authd binary on an affected\n system. Exploitation of this flaw might result in arbitrary code\n execution on the Linux host system by an unprivileged user. \n\n VMware would like to thank iDefense for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-0967 to this issue. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n Workstation 6.x Windows not affected\n Workstation 6.x Linux 6.0.4 build 93057\n Workstation 5.x Windows not affected\n Workstation 5.x Linux 5.5.7 build 91707\n\n Player 2.x Windows not affected\n Player 2.x Linux 2.0.4 build 93057\n Player 1.x Windows not affected\n Player 1.x Linux 1.0.7 build 91707\n\n ACE 2.x Windows not affected\n ACE 1.x Windows not affected\n\n Server 1.x Windows not affected\n Server 1.x Linux 1.0.6 build 91891\n\n Fusion 1.x Mac OS/X not affected\n\n ESXi 3.5 ESXi ESXe350-200805501-I-SG\n\n ESX 3.5 ESX ESX350-200805515-SG\n ESX 3.0.2 ESX ESX-1004821\n ESX 3.0.1 ESX ESX-1004728\n ESX 2.5.5 ESX ESX 2.5.5 update patch 8\n ESX 2.5.4 ESX ESX 2.5.4 update patch 19\n\n c. Openwsman Invalid Content-Length Vulnerability\n\n Openwsman is a system management platform that implements the Web\n Services Management protocol (WS-Management). It is installed and\n running by default. It is used in the VMware Management Service\n Console and in ESXi. \n\n The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable\n to a privilege escalation vulnerability, which may allow users with\n non-privileged ESX or Virtual Center accounts to gain root privileges. \n\n To exploit this vulnerability, an attacker would need a local ESX\n account or a VirtualCenter account with the Host.Cim.CimInteraction\n permission. \n\n Systems with no local ESX accounts and no VirtualCenter accounts with\n the Host.Cim.CimInteraction permission are not vulnerable. \n\n This vulnerability cannot be exploited by users without valid login\n credentials. \n\n Discovery: Alexander Sotirov, VMware Security Research\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-2097 to this issue. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n hosted any any not affected\n\n ESXi 3.5 ESXi ESXe350-200805501-I-SG\n\n ESX 3.5 ESX ESX350-200805508-SG\n ESX 3.0.2 ESX not affected\n ESX 3.0.1 ESX not affected\n ESX 2.5.5 ESX not affected\n ESX 2.5.4 ESX not affected\n\n NOTE: VMware hosted products are not affected by this issue. \n\n d. VMware VIX Application Programming Interface (API) Memory Overflow\nVulnerabilities\n\n The VIX API (also known as \"Vix\") is an API that lets users write scripts\n and programs to manipulate virtual machines. \n\n Multiple buffer overflow vulnerabilities are present in the VIX API. \n Exploitation of these vulnerabilities might result in code execution on\n the host system or on the service console in ESX Server from the guest\n operating system. \n\n The VIX API can be enabled and disabled using the \"vix.inGuest.enable\"\n setting in the VMware configuration file. This default value for this\n setting is \"disabled\". This configuration setting is present in the\n following products:\n VMware Workstation 6.0.2 and higher\n VMware ACE 6.0.2 and higher\n VMware Server 1.06 and higher\n VMware Fusion 1.1.2 and higher\n ESX Server 3.0 and higher\n ESX Server 3.5 and higher\n In previous versions of VMware products where the VIX API was introduced,\n the VIX API couldn\u0027t be disabled. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-2100 to this issue. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n VIX API 1.1.x Windows VMware-vix-1.1.4-93057.exe\n VIX API 1.1.x Linux VMware-vix-1.1.4-93057.i386.tar.gz\n VIX API 1.1.x Linux64 VMware-vix-1.1.4-93057.x86_64.tar.gz\n\n Workstation 6.x Windows 6.0.4 build 93057\n Workstation 6.x Linux 6.0.4 build 93057\n Workstation 5.x Windows 5.5.7 build 91707\n Workstation 5.x Linux 5.5.7 build 91707\n\n Player 2.x Windows 2.0.4 build 93057\n Player 2.x Linux 2.0.4 build 93057\n Player 1.x Windows 1.0.6 build 91707\n Player 1.x Linux 1.0.6 build 91707\n\n ACE 2.x Windows 2.0.4 build 93057\n ACE 1.x Windows not affected\n\n Server 1.x Windows 1.0.6 build 91891\n Server 1.x Linux 1.0.6 build 91891\n\n Fusion 1.x Mac OS/X 1.1.2 build 87978 or later\n\n ESXi 3.5 ESXi ESXe350-200805501-I-SG,\n ESXe350-200805502-T-SG\n\n ESX 3.5 ESX ESX350-200805501-BG\n ESX 3.0.2 ESX ESX-1004216, ESX-1004726, ESX-1004727\n ESX 3.0.1 ESX ESX-1004186, ESX-1004725\n ESX 2.5.5 ESX not affected\n ESX 2.5.4 ESX not affected\n\n\nII Service Console rpm updates\n\n NOTE: ESXi and hosted products are not affected by any service console\n security updates\n\n a. Security update for cyrus-sasl\n\n Updated cyrus-sasl package for the ESX Service Console corrects a security\n issue found in the DIGEST-MD5 authentication mechanism of Cyrus\u0027\n implementation of Simple Authentication and Security Layer (SASL). As a\n result of this issue in the authentication mechanism, a remote\n unauthenticated attacker might be able to cause a denial of service error\n on the service console. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2006-1721 to this issue. \n\n RPMs Updated:\n cyrus-sasl-2.1.15-15.i386.rpm\n cyrus-sasl-md5-2.1.15-1.i386.rpm\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n hosted any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX ESX350-200805504-SG\n ESX 3.0.2 ESX ESX-1004722\n ESX 3.0.1 ESX ESX-1004721\n ESX 2.5.5 ESX not affected\n ESX 2.5.4 ESX not affected\n\n b. Security update for tcltk\n\n An input validation flaw was discovered in Tk\u0027s GIF image handling. A\n code-size value read from a GIF image was not properly validated before\n being used, leading to a buffer overflow. A specially crafted GIF file\n could use this to cause a crash or, potentially, execute code with the\n privileges of the application using the Tk graphical toolkit. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2008-0553 to this issue. \n\n A buffer overflow flaw was discovered in Tk\u0027s animated GIF image handling. \n An animated GIF containing an initial image smaller than subsequent images\n could cause a crash or, potentially, execute code with the privileges of\n the application using the Tk library. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2007-5378 to this issue. \n\n A flaw first discovered in the Tcl regular expression engine used in the\n PostgreSQL database server, resulted in an infinite loop when processing\n certain regular expressions. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2007-4772 to this issue. \n\n RPM Updated:\n tcl-8.3.5-92.8.i386.rpm\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n hosted any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX ESX350-200805506-SG\n ESX 3.0.2 ESX ESX-1004724\n ESX 3.0.1 ESX ESX-1004723\n ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8\n ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19\n\n c. Security update for unzip\n\n This patch includes a moderate security update to the service console that\n fixes a flaw in unzip. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2008-0888 to this issue. \n\n RPM Updated:\n Unzip-5.50-36.EL3.i386.rpm\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n hosted any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX ESX350-200805505-SG\n ESX 3.0.2 ESX ESX-1004719\n ESX 3.0.1 ESX ESX-1004190\n ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8\n ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19\n\n d. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-0062 to this issue. \n\n NOTE: ESX doesn\u0027t contain the krb5kdc binary and is not vulnerable\n to this issue. \n\n NOTE: ESX doesn\u0027t contain the krb5kdc binary and is not vulnerable\n to this issue. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-0948 to this issue. \n\n RPM Updated:\n krb5-libs-1.2.7-68.i386.rpm\n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============ ======== ======= =================\n hosted any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX ESX350-200805507-SG\n ESX 3.0.2 ESX ESX-1004219\n ESX 3.0.1 ESX ESX-1004189\n ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8\n ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19\n\n4. Solution:\n\nPlease review the release notes for your product and version and verify the\nmd5sum of your downloaded file. \n\n VMware Workstation 6.0.4\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n\n Windows binary\n md5sum: f50a05831e94c19d98f363c752fca5f9\n\n RPM Installation file for 32-bit Linux\n md5sum: e7793b14b995d3b505f093c84e849421\n\n tar Installation file for 32-bit Linux\n md5sum: a0a8e1d8188f4be03357872a57a767ab\n\n RPM Installation file for 64-bit Linux\n md5sum: 960d753038a268b8f101f4b853c0257e\n\n tar Installation file for 64-bit Linux\n md5sum: 4697ec8a9d6c1152d785f3b77db9d539\n\n VMware Workstation 5.5.7\n ------------------------\n http://www.vmware.com/download/ws/ws5.html\n Release notes:\n http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n\n Windows binary:\n md5sum: 4c6a6653b7296240197aac048591c659\n\n Compressed Tar archive for 32-bit Linux\n md5sum: 8fc15d72031489cf5cd5d47b966787e6\n\n Linux RPM version for 32-bit Linux\n md5sum: f0872fe447ac654a583af16b2f4bba3f\n\n\n VMware Player 2.0.4 and 1.0.7\n -----------------------------\n http://www.vmware.com/download/player/\n Release notes Player 1.x:\n http://www.vmware.com/support/player/doc/releasenotes_player.html\n Release notes Player 2.0\n http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n\n 2.0.4 Windows binary\n md5sum: a117664a8bfa7336b846117e5fc048dd\n\n VMware Player 2.0.4 for Linux (.rpm)\n md5sum: de6ab6364a0966b68eadda2003561cd2\n\n VMware Player 2.0.4 for Linux (.tar)\n md5sum: 9e1c2bfda6b22a3fc195a86aec11903a\n\n VMware Player 2.0.4 - 64-bit (.rpm)\n md5sum: 997e5ceffe72f9ce9146071144dacafa\n\n VMware Player 2.0.4 - 64-bit (.tar)\n md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef\n\n 1.0.7 Windows binary\n md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c\n\n Player 1.0.7 for Linux (.rpm)\n md5sum: 3b5f97a37df3b984297fa595a5cdba9c\n\n Player 1.0.7 for Linux (.tar)\n md5sum: b755739144944071492a16fa20f86a51\n\n\n VMware ACE\n ----------\n http://www.vmware.com/download/ace/\n Release notes 2.0:\n http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n VMware-workstation-6.0.4-93057.exe\n md5sum: f50a05831e94c19d98f363c752fca5f9\n\n VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip\n md5sum: d2ae2246f3d87268cf84c1421d94e86c\n\n VMware-ACE-Management-Server-2.0.4-93057.exe\n md5sum: 41b31b3392d5da2cef77a7bb28654dbf\n\n VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm\n md5sum: 9920be4c33773df53a1728b41af4b109\n\n VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm\n md5sum: 4ec4c37203db863e8844460b5e80920b\n\n Release notes 1.x:\n http://www.vmware.com/support/ace/doc/releasenotes_ace.html\n\n VMware-ACE-1.0.6-89199.exe\n md5sum: 110f6e24842a0d154d9ec55ef9225f4f\n\n\n VMware Server 1.0.6\n -------------------\n http://www.vmware.com/download/server/\n Release notes:\n http://www.vmware.com/support/server/doc/releasenotes_server.html\n\n VMware Server for Windows 32-bit and 64-bit\n md5sum: 3e00d5cfae123d875e4298bddabf12f5\n\n VMware Server Windows client package\n md5sum: 64f3fc1b4520626ae465237d7ec4773e\n\n VMware Server for Linux\n md5sum: 46ea876bfb018edb6602a921f6597245\n\n VMware Server for Linux rpm\n md5sum: 9d2f0af908aba443ef80bec8f7ef3485\n\n Management Interface\n md5sum: 1b3daabbbb49a036fe49f53f812ef64b\n\n VMware Server Linux client package\n md5sum: 185e5b174659f366fcb38b1c4ad8d3c6\n\n\n VMware Fusion 1.1.3\n --------------\n http://www.vmware.com/download/fusion/\n Release notes:\n http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n md5sum: D15A3DFD3E7B11FC37AC684586086D\n\n\n VMware VIX 1.1.4\n ----------------\n http://www.vmware.com/support/developer/vix-api/\n Release notes:\n http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html\n VMware-vix-1.1.4-93057.exe\n md5sum: 2efb74618c7ead627ecb3b3033e3f9f6\n\n VMware-vix-1.1.4-93057.i386.tar.gz\n md5sum: 988df2b2bbc975a6fc11f27ad1519832\n\n VMware-vix-1.1.4-93057.x86_64.tar.gz\n md5sum: a64f951c6fb5b2795a29a5a7607059c0\n\n\n ESXi\n ----\n VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX)\n http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip\n md5sum: 4ce06985d520e94243db1e0504a56d8c\n http://kb.vmware.com/kb/1005073\n http://kb.vmware.com/kb/1004173\n http://kb.vmware.com/kb/1004172\n\n NOTE: ESXe350-200805501-O-SG contains the following patch bundles:\n ESXe350-200805501-I-SG, ESXe350-200805502-T-SG,\n ESXe350-200805503-C-SG\n\n\n ESX\n ---\n VMware ESX 3.5 patch ESX350-200805515-SG (authd)\n http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip\n md5sum: 324b50ade230bcd5079a76e3636163c5\n http://kb.vmware.com/kb/1004170\n\n VMware ESX 3.5 patch ESX350-200805508-SG (openwsman)\n http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip\n md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12\n http://kb.vmware.com/kb/1004644\n\n VMware ESX 3.5 patch ESX350-200805501-BG (VIX)\n http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip\n md5sum: 31a620aa249c593c30015b5b6f8c8650\n http://kb.vmware.com/kb/1004637\n\n VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl)\n http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip\n md5sum: 4c1b1a8dcb09a636b55c64c290f7de51\n http://kb.vmware.com/kb/1004640\n\n VMware ESX 3.5 patch ESX350-200805506-SG (tcltk)\n http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip\n md5sum: af279eef8fdeddb7808630da1ae717b1\n http://kb.vmware.com/kb/1004642\n\n VMware ESX 3.5 patch ESX350-200805505-SG (unzip)\n http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip\n md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6\n http://kb.vmware.com/kb/1004641\n\n VMware ESX 3.5 patch ESX350-200805507-SG (krb5)\n http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip\n md5sum: 5d35a1c470daf13c9f4df5bdc9438748\n http://kb.vmware.com/kb/1004643\n\n VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX)\n http://download3.vmware.com/software/vi/ESX-1004727.tgz\n md5sum: 31a67b0fa3449747887945f8d370f19e\n http://kb.vmware.com/kb/1004727\n\n VMware ESX 3.0.2 patch ESX-1004821 (authd)\n http://download3.vmware.com/software/vi/ESX-1004821.tgz\n md5sum: 5c147bedd07245c903d44257522aeba1\n http://kb.vmware.com/kb/1004821\n\n VMware ESX 3.0.2 patch ESX-1004216 (VIX)\n http://download3.vmware.com/software/vi/ESX-1004216.tgz\n md5sum: 0784ef70420d28a9a5d6113769f6669a\n http://kb.vmware.com/kb/1004216\n\n VMware ESX 3.0.2 patch ESX-1004726 (VIX)\n http://download3.vmware.com/software/vi/ESX-1004726.tgz\n md5sum: 44f03b274867b534cd274ccdf4630b86\n http://kb.vmware.com/kb/1004726\n\n VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl)\n http://download3.vmware.com/software/vi/ESX-1004722.tgz\n md5sum: 99dc71aed5bab7711f573b6d322123d6\n http://kb.vmware.com/kb/1004722\n\n VMware ESX 3.0.2 patch ESX-1004724 (tcltk)\n http://download3.vmware.com/software/vi/ESX-1004724.tgz\n md5sum: fd9a160ca7baa5fc443f2adc8120ecf7\n http://kb.vmware.com/kb/1004724\n\n VMware ESX 3.0.2 patch ESX-1004719 (unzip)\n http://download3.vmware.com/software/vi/ESX-1004719.tgz\n md5sum: f0c37b9f6be3399536d60f6c6944de82\n http://kb.vmware.com/kb/1004719\n\n VMware ESX 3.0.2 patch ESX-1004219 (krb5)\n http://download3.vmware.com/software/vi/ESX-1004219.tgz\n md5sum: 7c68279762f407a7a5ee151a650ebfd4\n http://kb.vmware.com/kb/1004219\n\n VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX)\n http://download3.vmware.com/software/vi/ESX-1004186.tgz\n md5sum: f64389a8b97718eccefadce1a14d1198\n http://kb.vmware.com/kb/1004186\n\n VMware ESX 3.0.1 patch ESX-1004728 (authd)\n http://download3.vmware.com/software/vi/ESX-1004728.tgz\n md5sum: 1f01bb819805b855ffa2ec1040eff5ca\n http://kb.vmware.com/kb/1004728\n\n VMware ESX 3.0.1 patch ESX-1004725 (VIX)\n http://download3.vmware.com/software/vi/ESX-1004725.tgz\n md5sum: 9fafb04c6d3f6959e623832f539d2dc8\n http://kb.vmware.com/kb/1004725\n\n VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl)\n http://download3.vmware.com/software/vi/ESX-1004721.tgz\n md5sum: 48190819b0f5afddefcb8d209d12b585\n http://kb.vmware.com/kb/1004721\n\n VMware ESX 3.0.1 patch ESX-1004723 (tcltk)\n http://download3.vmware.com/software/vi/ESX-1004723.tgz\n md5sum: c34ca0a5886e0c0917a93a97c331fd7d\n http://kb.vmware.com/kb/1004723\n\n VMware ESX 3.0.1 patch ESX-1004190 (unzip)\n http://download3.vmware.com/software/vi/ESX-1004190.tgz\n md5sum: 05187b9f534048c79c62741367cc0dd2\n http://kb.vmware.com/kb/1004190\n\n VMware ESX 3.0.1 patch ESX-1004189 (krb5)\n http://download3.vmware.com/software/vi/ESX-1004189.tgz\n md5sum: 21b620530b99009f469c872e73a439e8\n http://kb.vmware.com/kb/1004189\n\n VMware ESX 2.5.5 Upgrade Patch 8\n http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz\n md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e\n http://vmware.com/support/esx25/doc/esx-255-200805-patch.html\n\n VMware ESX 2.5.4 Upgrade Patch 19\n http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz\n md5sum: 442788fd0bccb0d994c75b268bd12760\n http://vmware.com/support/esx25/doc/esx-254-200805-patch.html\n\n5. References:\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948\n\n6. Change log:\n\n2008-06-04 VMSA-2008-0009 Initial release\n\n- -------------------------------------------------------------------\n7. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce@lists.vmware.com\n * bugtraq@securityfocus.com\n * full-disclosure@lists.grok.org.uk\n\nE-mail: security@vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFIRs08S2KysvBH1xkRCMxFAJ0WJX76quFzCV+avwupq3Lu72UKigCfRftj\nCZvxoXw/sZxDCSDjVzYAhrA=\n=s04s\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-31\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: MIT Kerberos 5: Multiple vulnerabilities\n Date: March 24, 2008\n Bugs: #199205, #212363\n ID: 200803-31\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilites have been found in MIT Kerberos 5, which could\nallow a remote unauthenticated user to execute arbitrary code with root\nprivileges. \n\nBackground\n==========\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos\nnetwork protocol. kadmind is the MIT Kerberos 5 administration daemon,\nKDC is the Key Distribution Center. \n\n* Jeff Altman (Secure Endpoints) discovered a buffer overflow in the\n RPC library server code, used in the kadmin server, caused when too\n many file descriptors are opened (CVE-2008-0947). \n\n* Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI\n library: usage of a freed variable in the gss_indicate_mechs()\n function (CVE-2007-5901) and a double free() vulnerability in the\n gss_krb5int_make_seal_token_v3() function (CVE-2007-5971). These bugs can only be triggered when Kerberos 4 support is\nenabled. \n\nThe RPC related vulnerability can be exploited by a remote\nunauthenticated attacker to crash kadmind, and theoretically execute\narbitrary code with root privileges or cause database corruption. This\nbug can only be triggered in configurations that allow large numbers of\nopen file descriptors in a process. \n\nWorkaround\n==========\n\nKerberos 4 support can be disabled via disabling the \"krb4\" USE flag\nand recompiling the ebuild, or setting \"v4_mode=none\" in the\n[kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around\nthe KDC related vulnerabilities. \n\nResolution\n==========\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-crypt/mit-krb5-1.6.3-r1\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-5901\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894\n [ 2 ] CVE-2007-5971\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971\n [ 3 ] CVE-2008-0062\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062\n [ 4 ] CVE-2008-0063\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063\n [ 5 ] CVE-2008-0947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-31.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0062"
},
{
"db": "CERT/CC",
"id": "VU#895609"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186"
},
{
"db": "BID",
"id": "28303"
},
{
"db": "VULHUB",
"id": "VHN-30187"
},
{
"db": "PACKETSTORM",
"id": "64708"
},
{
"db": "PACKETSTORM",
"id": "64730"
},
{
"db": "PACKETSTORM",
"id": "64731"
},
{
"db": "PACKETSTORM",
"id": "67011"
},
{
"db": "PACKETSTORM",
"id": "64848"
}
],
"trust": 3.15
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-30187",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30187"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2008-0062",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#895609",
"trust": 3.6
},
{
"db": "BID",
"id": "28303",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "29428",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "29457",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29451",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29663",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30535",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29462",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29516",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29450",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29464",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0922",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1744",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1102",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1019626",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29424",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29435",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29423",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29438",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA08-079A",
"trust": 0.8
},
{
"db": "USCERT",
"id": "TA08-079B",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA08-079A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-309",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080318 MITKRB5-SA-2008-001: DOUBLE-FREE, UNINITIALIZED DATA VULNERABILITIES IN KRB5KDC",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080319 RPSA-2008-0112-1 KRB5 KRB5-SERVER KRB5-SERVICES KRB5-TEST KRB5-WORKSTATION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080604 VMSA-2008-0009 UPDATES TO VMWARE WORKSTATION, VMWARE PLAYER, VMWARE ACE, VMWARE FUSION, VMWARE SERVER, VMWARE VIX API, VMWARE ESX, VMWARE ESXI RESOLVE CRITICAL SECURITY ISSUES",
"trust": 0.6
},
{
"db": "CONFIRM",
"id": "HTTP://WIKI.RPATH.COM/WIKI/ADVISORIES:RPSA-2008-0112",
"trust": 0.6
},
{
"db": "CONFIRM",
"id": "HTTP://SUPPORT.NOVELL.COM/DOCS/READMES/INFODOCUMENT/PATCHBUILDER/README_5022520.HTML",
"trust": 0.6
},
{
"db": "CONFIRM",
"id": "HTTP://SUPPORT.NOVELL.COM/DOCS/READMES/INFODOCUMENT/PATCHBUILDER/README_5022542.HTML",
"trust": 0.6
},
{
"db": "CONFIRM",
"id": "HTTP://WIKI.RPATH.COM/ADVISORIES:RPSA-2008-0112",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0164",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0181",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0180",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0182",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDVSA-2008:069",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDVSA-2008:070",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDVSA-2008:071",
"trust": 0.6
},
{
"db": "XF",
"id": "41275",
"trust": 0.6
},
{
"db": "XF",
"id": "5",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2008-2637",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2008-2647",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200803-31",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-03-18",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-587-1",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1524",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "64708",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "64731",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "64688",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101247",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-30187",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "67011",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64848",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#895609"
},
{
"db": "VULHUB",
"id": "VHN-30187"
},
{
"db": "BID",
"id": "28303"
},
{
"db": "PACKETSTORM",
"id": "64708"
},
{
"db": "PACKETSTORM",
"id": "64730"
},
{
"db": "PACKETSTORM",
"id": "64731"
},
{
"db": "PACKETSTORM",
"id": "67011"
},
{
"db": "PACKETSTORM",
"id": "64848"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-309"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186"
},
{
"db": "NVD",
"id": "CVE-2008-0062"
}
]
},
"id": "VAR-200803-0027",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30187"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:10:14.356000Z",
"patch": {
"_id": null,
"data": [
{
"title": "RHSA-2008",
"trust": 0.8,
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001186"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-665",
"trust": 1.0
},
{
"problemtype": "Improper initialization (CWE-665) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-189",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30187"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186"
},
{
"db": "NVD",
"id": "CVE-2008-0062"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/895609"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28303"
},
{
"trust": 2.0,
"url": "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5022520.html"
},
{
"trust": 2.0,
"url": "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5022542.html"
},
{
"trust": 1.9,
"url": "http://web.mit.edu/kerberos/advisories/mitkrb5-sa-2008-001.txt"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/advisories:rpsa-2008-0112"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/wiki/advisories:rpsa-2008-0112"
},
{
"trust": 1.7,
"url": "http://www.vmware.com/security/advisories/vmsa-2008-0009.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-march/msg00537.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-march/msg00544.html"
},
{
"trust": 1.7,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:069"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:070"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:071"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0164.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0180.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0181.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0182.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1019626"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29450"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29451"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29457"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29462"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29464"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29516"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29663"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30535"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9496"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29423"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29424"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29428"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29435"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29438"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-079b/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-079b/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0062"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-079b.html"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/29428/"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/0922"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41275"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/1744"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/1102/references"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0924/references"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0922/references"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0062"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0063"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0062"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0063"
},
{
"trust": 0.3,
"url": "http://web.mit.edu/kerberos/"
},
{
"trust": 0.3,
"url": "/archive/1/489761"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-144.htm"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0164.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0180.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0181.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0182.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0947"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5971"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0947"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5971"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=130497213107107\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.1-7ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.4-5ubuntu3.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.7_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-9ubuntu1.6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://web.mit.edu/kerberos/advisories/mitkrb5-sa-2008-002.txt"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004189"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx350-200805515-sg.zip"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004723"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004644"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004642"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004219"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004725"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0553"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004722.tgz"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004719.tgz"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004219.tgz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0948"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5378"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5378"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004724.tgz"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0967"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004719"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/developer/vix-api/"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004172"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004725.tgz"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004727.tgz"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004641"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004724"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5671"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004170"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004726.tgz"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx350-200805501-bg.zip"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/player/"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004721"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2097"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004722"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004727"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004821"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004637"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0888"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004821.tgz"
},
{
"trust": 0.1,
"url": "http://vmware.com/support/esx25/doc/esx-255-200805-patch.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004721.tgz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0553"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1005073"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/server/"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004186"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004186.tgz"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004723.tgz"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2097"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx350-200805508-sg.zip"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx350-200805505-sg.zip"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-1721"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004173"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/ws5.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/fusion/"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4772"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004643"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1721"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0948"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004216.tgz"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004728"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004728.tgz"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004189.tgz"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/pubs/vix-api/vixapi-1.1.4-release-notes.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ace/"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx-1004190.tgz"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esxe350-200805501-o-sg.zip"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2100"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004216"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004190"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0888"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1004640"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2100"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx350-200805506-sg.zip"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx350-200805504-sg.zip"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4772"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx350-200805507-sg.zip"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"trust": 0.1,
"url": "http://vmware.com/support/esx25/doc/esx-254-200805-patch.html"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5894"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200803-31.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5901"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#895609"
},
{
"db": "VULHUB",
"id": "VHN-30187"
},
{
"db": "BID",
"id": "28303"
},
{
"db": "PACKETSTORM",
"id": "64708"
},
{
"db": "PACKETSTORM",
"id": "64730"
},
{
"db": "PACKETSTORM",
"id": "64731"
},
{
"db": "PACKETSTORM",
"id": "67011"
},
{
"db": "PACKETSTORM",
"id": "64848"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-309"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186"
},
{
"db": "NVD",
"id": "CVE-2008-0062"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#895609",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-30187",
"ident": null
},
{
"db": "BID",
"id": "28303",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "64708",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "64730",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "64731",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "67011",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "64848",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200803-309",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001186",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2008-0062",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2008-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#895609",
"ident": null
},
{
"date": "2008-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-30187",
"ident": null
},
{
"date": "2008-03-18T00:00:00",
"db": "BID",
"id": "28303",
"ident": null
},
{
"date": "2008-03-19T22:47:40",
"db": "PACKETSTORM",
"id": "64708",
"ident": null
},
{
"date": "2008-03-19T23:37:11",
"db": "PACKETSTORM",
"id": "64730",
"ident": null
},
{
"date": "2008-03-19T23:38:22",
"db": "PACKETSTORM",
"id": "64731",
"ident": null
},
{
"date": "2008-06-05T01:56:09",
"db": "PACKETSTORM",
"id": "67011",
"ident": null
},
{
"date": "2008-03-24T22:48:28",
"db": "PACKETSTORM",
"id": "64848",
"ident": null
},
{
"date": "2008-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-309",
"ident": null
},
{
"date": "2008-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001186",
"ident": null
},
{
"date": "2008-03-19T10:44:00",
"db": "NVD",
"id": "CVE-2008-0062",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#895609",
"ident": null
},
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-30187",
"ident": null
},
{
"date": "2015-04-13T21:38:00",
"db": "BID",
"id": "28303",
"ident": null
},
{
"date": "2008-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-309",
"ident": null
},
{
"date": "2024-02-28T07:01:00",
"db": "JVNDB",
"id": "JVNDB-2008-001186",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-0062",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "64708"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-309"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#895609"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-309"
}
],
"trust": 0.6
}
}
OPENSUSE-SU-2024:10899-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
krb5-1.19.2-2.2 on GA media
Severity
Moderate
Notes
Title of the patch: krb5-1.19.2-2.2 on GA media
Description of the patch: These are all security issues fixed in the krb5-1.19.2-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10899
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "krb5-1.19.2-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the krb5-1.19.2-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10899",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10899-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-6143 page",
"url": "https://www.suse.com/security/cve/CVE-2006-6143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-6144 page",
"url": "https://www.suse.com/security/cve/CVE-2006-6144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0956 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0957 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1216 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-2442 page",
"url": "https://www.suse.com/security/cve/CVE-2007-2442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-2798 page",
"url": "https://www.suse.com/security/cve/CVE-2007-2798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3999 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4000 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5894 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5902 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5971 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5972 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0062 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0947 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11368 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11462 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5729 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36222 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37750 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37750/"
}
],
"title": "krb5-1.19.2-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10899-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-1.19.2-2.2.aarch64",
"product_id": "krb5-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-32bit-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-32bit-1.19.2-2.2.aarch64",
"product_id": "krb5-32bit-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-client-1.19.2-2.2.aarch64",
"product_id": "krb5-client-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-devel-1.19.2-2.2.aarch64",
"product_id": "krb5-devel-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-devel-32bit-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-devel-32bit-1.19.2-2.2.aarch64",
"product_id": "krb5-devel-32bit-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"product_id": "krb5-plugin-preauth-otp-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"product_id": "krb5-plugin-preauth-spake-1.19.2-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-2.2.aarch64",
"product": {
"name": "krb5-server-1.19.2-2.2.aarch64",
"product_id": "krb5-server-1.19.2-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-1.19.2-2.2.ppc64le",
"product_id": "krb5-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-32bit-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-32bit-1.19.2-2.2.ppc64le",
"product_id": "krb5-32bit-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-client-1.19.2-2.2.ppc64le",
"product_id": "krb5-client-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-devel-1.19.2-2.2.ppc64le",
"product_id": "krb5-devel-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-devel-32bit-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-devel-32bit-1.19.2-2.2.ppc64le",
"product_id": "krb5-devel-32bit-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"product_id": "krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"product_id": "krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-2.2.ppc64le",
"product": {
"name": "krb5-server-1.19.2-2.2.ppc64le",
"product_id": "krb5-server-1.19.2-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-2.2.s390x",
"product": {
"name": "krb5-1.19.2-2.2.s390x",
"product_id": "krb5-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-32bit-1.19.2-2.2.s390x",
"product": {
"name": "krb5-32bit-1.19.2-2.2.s390x",
"product_id": "krb5-32bit-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-2.2.s390x",
"product": {
"name": "krb5-client-1.19.2-2.2.s390x",
"product_id": "krb5-client-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-2.2.s390x",
"product": {
"name": "krb5-devel-1.19.2-2.2.s390x",
"product_id": "krb5-devel-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-devel-32bit-1.19.2-2.2.s390x",
"product": {
"name": "krb5-devel-32bit-1.19.2-2.2.s390x",
"product_id": "krb5-devel-32bit-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"product_id": "krb5-plugin-preauth-otp-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"product_id": "krb5-plugin-preauth-spake-1.19.2-2.2.s390x"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-2.2.s390x",
"product": {
"name": "krb5-server-1.19.2-2.2.s390x",
"product_id": "krb5-server-1.19.2-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "krb5-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-1.19.2-2.2.x86_64",
"product_id": "krb5-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-32bit-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-32bit-1.19.2-2.2.x86_64",
"product_id": "krb5-32bit-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-client-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-client-1.19.2-2.2.x86_64",
"product_id": "krb5-client-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-devel-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-devel-1.19.2-2.2.x86_64",
"product_id": "krb5-devel-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-devel-32bit-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-devel-32bit-1.19.2-2.2.x86_64",
"product_id": "krb5-devel-32bit-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"product_id": "krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"product_id": "krb5-plugin-preauth-otp-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"product_id": "krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"product_id": "krb5-plugin-preauth-spake-1.19.2-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "krb5-server-1.19.2-2.2.x86_64",
"product": {
"name": "krb5-server-1.19.2-2.2.x86_64",
"product_id": "krb5-server-1.19.2-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x"
},
"product_reference": "krb5-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-32bit-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-32bit-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-32bit-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-32bit-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-32bit-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x"
},
"product_reference": "krb5-32bit-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-32bit-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-32bit-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-client-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-client-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x"
},
"product_reference": "krb5-client-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-client-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-client-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-devel-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-devel-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x"
},
"product_reference": "krb5-devel-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-devel-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-32bit-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-devel-32bit-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-32bit-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-devel-32bit-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-32bit-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x"
},
"product_reference": "krb5-devel-32bit-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-devel-32bit-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-devel-32bit-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x"
},
"product_reference": "krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x"
},
"product_reference": "krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-otp-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x"
},
"product_reference": "krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x"
},
"product_reference": "krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-plugin-preauth-spake-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-1.19.2-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64"
},
"product_reference": "krb5-server-1.19.2-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-1.19.2-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le"
},
"product_reference": "krb5-server-1.19.2-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-1.19.2-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x"
},
"product_reference": "krb5-server-1.19.2-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "krb5-server-1.19.2-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
},
"product_reference": "krb5-server-1.19.2-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-6143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-6143"
}
],
"notes": [
{
"category": "general",
"text": "The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-6143",
"url": "https://www.suse.com/security/cve/CVE-2006-6143"
},
{
"category": "external",
"summary": "SUSE Bug 225990 for CVE-2006-6143",
"url": "https://bugzilla.suse.com/225990"
},
{
"category": "external",
"summary": "SUSE Bug 225992 for CVE-2006-6143",
"url": "https://bugzilla.suse.com/225992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2006-6143"
},
{
"cve": "CVE-2006-6144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-6144"
}
],
"notes": [
{
"category": "general",
"text": "The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-6144",
"url": "https://www.suse.com/security/cve/CVE-2006-6144"
},
{
"category": "external",
"summary": "SUSE Bug 225990 for CVE-2006-6144",
"url": "https://bugzilla.suse.com/225990"
},
{
"category": "external",
"summary": "SUSE Bug 225992 for CVE-2006-6144",
"url": "https://bugzilla.suse.com/225992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-6144"
},
{
"cve": "CVE-2007-0956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0956"
}
],
"notes": [
{
"category": "general",
"text": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a \u0027-\u0027 character, a similar issue to CVE-2007-0882.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0956",
"url": "https://www.suse.com/security/cve/CVE-2007-0956"
},
{
"category": "external",
"summary": "SUSE Bug 247765 for CVE-2007-0956",
"url": "https://bugzilla.suse.com/247765"
},
{
"category": "external",
"summary": "SUSE Bug 256319 for CVE-2007-0956",
"url": "https://bugzilla.suse.com/256319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-0956"
},
{
"cve": "CVE-2007-0957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0957"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0957",
"url": "https://www.suse.com/security/cve/CVE-2007-0957"
},
{
"category": "external",
"summary": "SUSE Bug 253548 for CVE-2007-0957",
"url": "https://bugzilla.suse.com/253548"
},
{
"category": "external",
"summary": "SUSE Bug 256319 for CVE-2007-0957",
"url": "https://bugzilla.suse.com/256319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-0957"
},
{
"cve": "CVE-2007-1216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1216"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1216",
"url": "https://www.suse.com/security/cve/CVE-2007-1216"
},
{
"category": "external",
"summary": "SUSE Bug 252487 for CVE-2007-1216",
"url": "https://bugzilla.suse.com/252487"
},
{
"category": "external",
"summary": "SUSE Bug 256319 for CVE-2007-1216",
"url": "https://bugzilla.suse.com/256319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-1216"
},
{
"cve": "CVE-2007-2442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-2442"
}
],
"notes": [
{
"category": "general",
"text": "The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-2442",
"url": "https://www.suse.com/security/cve/CVE-2007-2442"
},
{
"category": "external",
"summary": "SUSE Bug 271191 for CVE-2007-2442",
"url": "https://bugzilla.suse.com/271191"
},
{
"category": "external",
"summary": "SUSE Bug 283681 for CVE-2007-2442",
"url": "https://bugzilla.suse.com/283681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-2442"
},
{
"cve": "CVE-2007-2798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-2798"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-2798",
"url": "https://www.suse.com/security/cve/CVE-2007-2798"
},
{
"category": "external",
"summary": "SUSE Bug 278689 for CVE-2007-2798",
"url": "https://bugzilla.suse.com/278689"
},
{
"category": "external",
"summary": "SUSE Bug 283681 for CVE-2007-2798",
"url": "https://bugzilla.suse.com/283681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-2798"
},
{
"cve": "CVE-2007-3999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3999"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3999",
"url": "https://www.suse.com/security/cve/CVE-2007-3999"
},
{
"category": "external",
"summary": "SUSE Bug 302377 for CVE-2007-3999",
"url": "https://bugzilla.suse.com/302377"
},
{
"category": "external",
"summary": "SUSE Bug 305261 for CVE-2007-3999",
"url": "https://bugzilla.suse.com/305261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3999"
},
{
"cve": "CVE-2007-4000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4000"
}
],
"notes": [
{
"category": "general",
"text": "The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the \"modify policy\" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4000",
"url": "https://www.suse.com/security/cve/CVE-2007-4000"
},
{
"category": "external",
"summary": "SUSE Bug 302377 for CVE-2007-4000",
"url": "https://bugzilla.suse.com/302377"
},
{
"category": "external",
"summary": "SUSE Bug 305261 for CVE-2007-4000",
"url": "https://bugzilla.suse.com/305261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-4000"
},
{
"cve": "CVE-2007-5894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5894"
}
],
"notes": [
{
"category": "general",
"text": "The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating \" The \u0027length\u0027 variable is only uninitialized if \u0027auth_type\u0027 is neither the \u0027KERBEROS_V4\u0027 nor \u0027GSSAPI\u0027; this condition cannot occur in the unmodified source code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5894",
"url": "https://www.suse.com/security/cve/CVE-2007-5894"
},
{
"category": "external",
"summary": "SUSE Bug 346745 for CVE-2007-5894",
"url": "https://bugzilla.suse.com/346745"
},
{
"category": "external",
"summary": "SUSE Bug 346749 for CVE-2007-5894",
"url": "https://bugzilla.suse.com/346749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-5894"
},
{
"cve": "CVE-2007-5902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5902"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5902",
"url": "https://www.suse.com/security/cve/CVE-2007-5902"
},
{
"category": "external",
"summary": "SUSE Bug 346747 for CVE-2007-5902",
"url": "https://bugzilla.suse.com/346747"
},
{
"category": "external",
"summary": "SUSE Bug 346749 for CVE-2007-5902",
"url": "https://bugzilla.suse.com/346749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-5902"
},
{
"cve": "CVE-2007-5971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5971"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5971",
"url": "https://www.suse.com/security/cve/CVE-2007-5971"
},
{
"category": "external",
"summary": "SUSE Bug 346748 for CVE-2007-5971",
"url": "https://bugzilla.suse.com/346748"
},
{
"category": "external",
"summary": "SUSE Bug 346749 for CVE-2007-5971",
"url": "https://bugzilla.suse.com/346749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-5971"
},
{
"cve": "CVE-2007-5972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5972"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5972",
"url": "https://www.suse.com/security/cve/CVE-2007-5972"
},
{
"category": "external",
"summary": "SUSE Bug 346749 for CVE-2007-5972",
"url": "https://bugzilla.suse.com/346749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-5972"
},
{
"cve": "CVE-2008-0062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0062"
}
],
"notes": [
{
"category": "general",
"text": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0062",
"url": "https://www.suse.com/security/cve/CVE-2008-0062"
},
{
"category": "external",
"summary": "SUSE Bug 361373 for CVE-2008-0062",
"url": "https://bugzilla.suse.com/361373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0062"
},
{
"cve": "CVE-2008-0947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0947"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0947",
"url": "https://www.suse.com/security/cve/CVE-2008-0947"
},
{
"category": "external",
"summary": "SUSE Bug 363151 for CVE-2008-0947",
"url": "https://bugzilla.suse.com/363151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0947"
},
{
"cve": "CVE-2017-11368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11368"
}
],
"notes": [
{
"category": "general",
"text": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11368",
"url": "https://www.suse.com/security/cve/CVE-2017-11368"
},
{
"category": "external",
"summary": "SUSE Bug 1049819 for CVE-2017-11368",
"url": "https://bugzilla.suse.com/1049819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-11368"
},
{
"cve": "CVE-2017-11462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11462"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11462",
"url": "https://www.suse.com/security/cve/CVE-2017-11462"
},
{
"category": "external",
"summary": "SUSE Bug 1056995 for CVE-2017-11462",
"url": "https://bugzilla.suse.com/1056995"
},
{
"category": "external",
"summary": "SUSE Bug 1122468 for CVE-2017-11462",
"url": "https://bugzilla.suse.com/1122468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-11462"
},
{
"cve": "CVE-2018-5729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5729"
}
],
"notes": [
{
"category": "general",
"text": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5729",
"url": "https://www.suse.com/security/cve/CVE-2018-5729"
},
{
"category": "external",
"summary": "SUSE Bug 1076211 for CVE-2018-5729",
"url": "https://bugzilla.suse.com/1076211"
},
{
"category": "external",
"summary": "SUSE Bug 1083926 for CVE-2018-5729",
"url": "https://bugzilla.suse.com/1083926"
},
{
"category": "external",
"summary": "SUSE Bug 1122468 for CVE-2018-5729",
"url": "https://bugzilla.suse.com/1122468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5729"
},
{
"cve": "CVE-2021-36222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36222"
}
],
"notes": [
{
"category": "general",
"text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36222",
"url": "https://www.suse.com/security/cve/CVE-2021-36222"
},
{
"category": "external",
"summary": "SUSE Bug 1188571 for CVE-2021-36222",
"url": "https://bugzilla.suse.com/1188571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-36222"
},
{
"cve": "CVE-2021-37750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37750"
}
],
"notes": [
{
"category": "general",
"text": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37750",
"url": "https://www.suse.com/security/cve/CVE-2021-37750"
},
{
"category": "external",
"summary": "SUSE Bug 1189929 for CVE-2021-37750",
"url": "https://bugzilla.suse.com/1189929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:krb5-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-client-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-devel-32bit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-plugin-preauth-spake-1.19.2-2.2.x86_64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.aarch64",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.ppc64le",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.s390x",
"openSUSE Tumbleweed:krb5-server-1.19.2-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-37750"
}
]
}
FKIE_CVE-2008-0062
Vulnerability from fkie_nvd - Published: 2008-03-19 10:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=307562 | Broken Link | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | Mailing List | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html | Mailing List | |
| cve@mitre.org | http://marc.info/?l=bugtraq&m=130497213107107&w=2 | Mailing List | |
| cve@mitre.org | http://secunia.com/advisories/29420 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29423 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29424 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29428 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29435 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29438 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29450 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29451 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29457 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29462 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29464 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29516 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/29663 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/30535 | Broken Link | |
| cve@mitre.org | http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html | Broken Link | |
| cve@mitre.org | http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html | Broken Link | |
| cve@mitre.org | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt | Third Party Advisory | |
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2008-0112 | Broken Link | |
| cve@mitre.org | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 | Broken Link | |
| cve@mitre.org | http://www.debian.org/security/2008/dsa-1524 | Third Party Advisory | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml | Third Party Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/895609 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 | Broken Link | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 | Broken Link | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 | Broken Link | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0164.html | Broken Link | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0180.html | Broken Link | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0181.html | Broken Link | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0182.html | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/489761 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/489883/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/493080/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/28303 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1019626 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-587-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Third Party Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0922/references | Broken Link | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0924/references | Broken Link | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1102/references | Broken Link | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1744 | Broken Link | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41275 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496 | Broken Link | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html | Mailing List | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=307562 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=130497213107107&w=2 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29420 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29423 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29424 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29428 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29435 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29438 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29450 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29451 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29457 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29462 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29464 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29516 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29663 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30535 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2008-0112 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1524 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/895609 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0164.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0180.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0181.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0182.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489761 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489883/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493080/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28303 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019626 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-587-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0922/references | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0924/references | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1102/references | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1744 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41275 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos_5 | * | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| fedoraproject | fedora | 7 | |
| fedoraproject | fedora | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904FBF9F-9269-4088-BD5A-3C773E6F841E",
"versionEndIncluding": "1.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
"matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free."
},
{
"lang": "es",
"value": "KDC en MIT Kerberos 5 (krb5kdc) no fija variable global alguna para determinados tipos de mensaje krb4, la cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n mediante mensajes manipulados que disparan una referencia a un puntero nulo o doble liberaci\u00f3n de memoria (double-free)."
}
],
"id": "CVE-2008-0062",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2008-03-19T10:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29423"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29424"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29428"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29435"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29438"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29450"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29451"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29457"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29462"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29464"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29516"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29663"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/30535"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/895609"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28303"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1019626"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/30535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/895609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1019626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-587-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/0922/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1102/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…