krb5 (SL7) | Scientific Linux

Synopsis: Moderate: krb5 security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0666-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-11368
CVE-2017-7562
—

Security Fix(es):

* krb5: Authentication bypass by improper validation of certificate EKU
and SAN (CVE-2017-7562)

* krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure
(CVE-2017-11368)

Additional Changes:
—

SL7
x86_64
krb5-debuginfo-1.15.1-18.el7.i686.rpm
krb5-debuginfo-1.15.1-18.el7.x86_64.rpm
krb5-libs-1.15.1-18.el7.i686.rpm
krb5-libs-1.15.1-18.el7.x86_64.rpm
krb5-pkinit-1.15.1-18.el7.x86_64.rpm
krb5-workstation-1.15.1-18.el7.x86_64.rpm
libkadm5-1.15.1-18.el7.i686.rpm
libkadm5-1.15.1-18.el7.x86_64.rpm
krb5-devel-1.15.1-18.el7.i686.rpm
krb5-devel-1.15.1-18.el7.x86_64.rpm
krb5-server-1.15.1-18.el7.x86_64.rpm
krb5-server-ldap-1.15.1-18.el7.x86_64.rpm

– Scientific Linux Development Team

SL Security Errata