--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6279
2009-06-15 22:05:02
--------------------------------------------------------------------------------

Name        : pam_krb5
Product     : Fedora 9
Version     : 2.3.5
Release     : 1.fc9
URL         : https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Summary     : A Pluggable Authentication Module for Kerberos 5.
Description :
This is pam_krb5, a pluggable authentication module that can be used with
Linux-PAM and Kerberos 5. This module supports password checking, ticket
creation, and optional TGT verification and conversion to Kerberos IV tickets.
The included pam_krb5afs module also gets AFS tokens if so configured.

--------------------------------------------------------------------------------
Update Information:

This updates the pam_krb5 package from version 2.3.2 to 2.3.5, fixing
CVE-2009-1384: in certain configurations, the password prompt could vary
depending on whether or not the user account was known to the system or the KDC.
It also fixes a bug which prevented password change attempts from working if the
KDC denied requests for password-changing credentials with settings which would
be used for login credentials, and makes the "-n" option for the "afs5log"
command work as advertised.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2009 Nalin Dahyabhai  - 2.3.5-1
- catch the case where we pass a NULL initial password into libkrb5 and
  it uses our callback to ask us for the password for the user using a
  principal name, and reject that (#502602)
- always prompt for a password unless we were told not to (#502602,
  CVE-2009-1384)
* Wed Mar  4 2009 Nalin Dahyabhai  - 2.3.4-1
- don't request password-changing credentials with the same options that we
  use when requesting ticket granting tickets, which might run afoul of KDC
  policies
* Thu Feb 26 2009 Fedora Release Engineering  - 2.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Feb  6 2009 Nalin Dahyabhai  - 2.3.3-1
- clean up a couple of debug messages
* Fri Feb  6 2009 Nalin Dahyabhai 
- clean up a couple of unclosed pipes to nowhere
* Wed Oct  1 2008 Nalin Dahyabhai  - 2.3.2-1
- fix ccache permissions bypass when the "existing_ticket" option is used
  (CVE-2008-3825)
* Wed Aug 27 2008 Tom "spot" Callaway  - 2.3.0-2
- fix license tag
* Wed Apr  9 2008 Nalin Dahyabhai  - 2.3.1-1
- don't bother trying to set up a temporary v4 ticket file during session open
  unless we obtained v4 creds somewhere
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #502602 - CVE-2009-1384 pam_krb5: Password prompt varies for existent and non-existent users        https://bugzilla.redhat.com/show_bug.cgi?id=502602
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pam_krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 9 Update: pam_krb5-2.3.5-1.fc9

June 26, 2009
This updates the pam_krb5 package from version 2.3.2 to 2.3.5, fixing CVE-2009-1384: in certain configurations, the password prompt could vary depending on whether or not the user...

Summary

This is pam_krb5, a pluggable authentication module that can be used with

Linux-PAM and Kerberos 5. This module supports password checking, ticket

creation, and optional TGT verification and conversion to Kerberos IV tickets.

The included pam_krb5afs module also gets AFS tokens if so configured.

Update Information:

This updates the pam_krb5 package from version 2.3.2 to 2.3.5, fixing CVE-2009-1384: in certain configurations, the password prompt could vary depending on whether or not the user account was known to the system or the KDC. It also fixes a bug which prevented password change attempts from working if the KDC denied requests for password-changing credentials with settings which would be used for login credentials, and makes the "-n" option for the "afs5log" command work as advertised.

Change Log

* Tue May 26 2009 Nalin Dahyabhai - 2.3.5-1 - catch the case where we pass a NULL initial password into libkrb5 and it uses our callback to ask us for the password for the user using a principal name, and reject that (#502602) - always prompt for a password unless we were told not to (#502602, CVE-2009-1384) * Wed Mar 4 2009 Nalin Dahyabhai - 2.3.4-1 - don't request password-changing credentials with the same options that we use when requesting ticket granting tickets, which might run afoul of KDC policies * Thu Feb 26 2009 Fedora Release Engineering - 2.3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Fri Feb 6 2009 Nalin Dahyabhai - 2.3.3-1 - clean up a couple of debug messages * Fri Feb 6 2009 Nalin Dahyabhai - clean up a couple of unclosed pipes to nowhere * Wed Oct 1 2008 Nalin Dahyabhai - 2.3.2-1 - fix ccache permissions bypass when the "existing_ticket" option is used (CVE-2008-3825) * Wed Aug 27 2008 Tom "spot" Callaway - 2.3.0-2 - fix license tag * Wed Apr 9 2008 Nalin Dahyabhai - 2.3.1-1 - don't bother trying to set up a temporary v4 ticket file during session open unless we obtained v4 creds somewhere

References

[ 1 ] Bug #502602 - CVE-2009-1384 pam_krb5: Password prompt varies for existent and non-existent users https://bugzilla.redhat.com/show_bug.cgi?id=502602

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pam_krb5' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : pam_krb5
Product : Fedora 9
Version : 2.3.5
Release : 1.fc9
URL : https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Summary : A Pluggable Authentication Module for Kerberos 5.

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved