Fedora Core 3: 2005-270 Moderate: Kerberos Telnet Client Buffer Overflow

Kerberos V5 is a trusted-third-party network authentication system,

which can improve your network's security by eliminating the insecure

practice of cleartext passwords.

Updated krb5 packages which fix two buffer overflow vulnerabilities

in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted

third party (a KDC) to authenticate clients and servers to each

other.

The krb5-workstation package includes a Kerberos-aware telnet client.

Two buffer overflow flaws were discovered in the way the telnet

client handles messages from a server. An attacker may be able to

execute arbitrary code on a victim's machine if the victim can be

tricked into connecting to a malicious telnet server. The Common

Vulnerabilities and Exposures project (cve.mitre.org) has assigned

the names CAN-2005-0468 and CAN-2005-0469 to these issues.

- rebuild

* Wed Mar 23 2005 Nalin Dahyabhai 1.3.6-4

- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai

- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)

- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)

15bad9c44ba4da14de7d5527a02c1a90 SRPMS/krb5-1.3.6-5.src.rpm

41314d054ab13a935cd57466a99bb03e x86_64/krb5-devel-1.3.6-5.x86_64.rpm

c99ffb83d090d156e59a0348e8162b6e x86_64/krb5-libs-1.3.6-5.x86_64.rpm

9ed53c214ae3b20aa8cb3a3f339b46ad x86_64/krb5-server-1.3.6-5.x86_64.rpm

1f03b24107cb22cfca368d59fb9c40ee x86_64/krb5-workstation-1.3.6-5.x86_64.rpm

0c354d4e12fcfe83c2cd6fbfb96abc16 x86_64/debug/krb5-debuginfo-1.3.6-5.x86_64.rpm

f07344531de5e52ff9b5a0d20bdc91be x86_64/krb5-libs-1.3.6-5.i386.rpm

0af73edbe1464ecceaf3a30789c5d400 i386/krb5-devel-1.3.6-5.i386.rpm

f07344531de5e52ff9b5a0d20bdc91be i386/krb5-libs-1.3.6-5.i386.rpm

d737538d9eb42347efc297930f17241c i386/krb5-server-1.3.6-5.i386.rpm

92a3d0a3000bd0a78abcf11da80009ba i386/krb5-workstation-1.3.6-5.i386.rpm

d8b1635e05c1b0bb6d76cb9f7a810d78 i386/debug/krb5-debuginfo-1.3.6-5.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command. =20

Content-Type: application/pgp-signature

Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCSavTN5vOV3hoi/URAkoCAJ44iybctytWmBWfgQoQrtxqz3ANbgCdEu9s

PInaD8lPxRUcZmfk0+zMiMU=Qej8

-----END PGP SIGNATURE-------hHWLQfXTYDoKhP50--

--===============1155866446=Content-Type: text/plain; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit

Content-Disposition: inline

--fedora-announce-list mailing list

fedora-announce-list@redhat.com