Amazon Linux 1 Security Advisory: ALAS-2011-15
Advisory Release Date: 2011-10-31 18:26 Pacific
Advisory Updated Date: 2014-09-14 14:34 Pacific
Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. (CVE-2011-1527, CVE-2011-1528, CVE-2011-1529)
Affected Packages:
krb5
Issue Correction:
Run yum update krb5 to update your system.
i686:
krb5-devel-1.9-9.19.amzn1.i686
krb5-server-ldap-1.9-9.19.amzn1.i686
krb5-server-1.9-9.19.amzn1.i686
krb5-pkinit-openssl-1.9-9.19.amzn1.i686
krb5-libs-1.9-9.19.amzn1.i686
krb5-workstation-1.9-9.19.amzn1.i686
krb5-debuginfo-1.9-9.19.amzn1.i686
src:
krb5-1.9-9.19.amzn1.src
x86_64:
krb5-libs-1.9-9.19.amzn1.x86_64
krb5-server-1.9-9.19.amzn1.x86_64
krb5-debuginfo-1.9-9.19.amzn1.x86_64
krb5-server-ldap-1.9-9.19.amzn1.x86_64
krb5-workstation-1.9-9.19.amzn1.x86_64
krb5-devel-1.9-9.19.amzn1.x86_64
krb5-pkinit-openssl-1.9-9.19.amzn1.x86_64