---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Mandriva update for krb5 SECUNIA ADVISORY ID: SA24979 VERIFY ADVISORY: http://secunia.com/advisories/24979/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Mandriva Linux 2007 http://secunia.com/product/12165/ DESCRIPTION: Mandriva has issued an update for krb5. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. The security issue is due to an error where modules are loaded from a certain potentially insecure location and can be exploited to execute arbitrary code with escalated privileges. SOLUTION: Apply updated packages. -- Mandriva Linux 2007.1 -- 1f920aac69205ebc55feb4483b88f1be 2007.1/i586/ftp-client-krb5-1.5.2-6.2mdv2007.1.i586.rpm 33c691d619af154edf28417b38c1ab90 2007.1/i586/ftp-server-krb5-1.5.2-6.2mdv2007.1.i586.rpm ffd93d8b493f4d3cad20d1387021ed91 2007.1/i586/krb5-server-1.5.2-6.2mdv2007.1.i586.rpm 5b1dde7e492cdd0fc5b131c4df008bf3 2007.1/i586/krb5-workstation-1.5.2-6.2mdv2007.1.i586.rpm f65941778953f0396f3307872d05e5ae 2007.1/i586/libkrb53-1.5.2-6.2mdv2007.1.i586.rpm a28df16eab4e38fa425ea8f2c0cd482d 2007.1/i586/libkrb53-devel-1.5.2-6.2mdv2007.1.i586.rpm a6866af02d2dcad5688a9a722c42abaf 2007.1/i586/telnet-client-krb5-1.5.2-6.2mdv2007.1.i586.rpm d950b8428b80b7aa72b8b62228616fab 2007.1/i586/telnet-server-krb5-1.5.2-6.2mdv2007.1.i586.rpm f3d13c1b5c10f990288e2bb1ae8fbec9 2007.1/SRPMS/krb5-1.5.2-6.2mdv2007.1.src.rpm -- Mandriva Linux 2007.1/X86_64 -- 84de03a0a6a6e943794ec27a67bbcefd 2007.1/x86_64/ftp-client-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm 3f8e1a9bd6af23839750f6376dd5c7b4 2007.1/x86_64/ftp-server-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm 0a0c097aea83b5e524a15706cd73bcd1 2007.1/x86_64/krb5-server-1.5.2-6.2mdv2007.1.x86_64.rpm 95c2232afc4394f48731c1f9410eea9d 2007.1/x86_64/krb5-workstation-1.5.2-6.2mdv2007.1.x86_64.rpm 6877a85fe2ce8766bba68090163fb67d 2007.1/x86_64/lib64krb53-1.5.2-6.2mdv2007.1.x86_64.rpm 19506808bf27f7eeac1bbdb5c0efa98c 2007.1/x86_64/lib64krb53-devel-1.5.2-6.2mdv2007.1.x86_64.rpm 147dec07b177c00284559c1d205779bb 2007.1/x86_64/telnet-client-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm f133917514ef86be627e63debb1ca379 2007.1/x86_64/telnet-server-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm f3d13c1b5c10f990288e2bb1ae8fbec9 2007.1/SRPMS/krb5-1.5.2-6.2mdv2007.1.src.rpm PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKA-2007:026 http://qa.mandriva.com/show_bug.cgi?id=30349 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------