Fedora: FEDORA-2007-620 Critical Update for krb5 Buffer Overflow Issue

June 29, 2007
Mitigations for buffer overflow vulnerabilities and heap corruption in Fedora Core 5's krb5 are vital for enhancing network security and preventing exploits.

Summary

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

This update incorporates fixes for a stack buffer overflow and heap corruption in the RPC library, and a fix for a potential stack buffer overflow in kadmind.

- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443) and MITKRB5-SA-2007-005 (CVE-2007-2798)

* Tue Apr 3 2007 Nalin Dahyabhai 1.4.3-5.4
- add patch to correct unauthorized access via krb5-aware telnet daemon (#229782, CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)

* Tue Jan 9 2007 Nalin Dahyabhai 1.4.3-5.3
- apply patch from Tom Yu to fix MITKRB-SA-2006-002 (CVE-2006-6143)

* Fri Aug 18 2006 Nalin Dahyabhai 1.4.3-5.2
- switch to the updated patch for MITKRB-SA-2006-001

* Tue Aug 8 2006 Nalin Dahyabhai 1.4.3-5.1
- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)

* Fri Apr 14 2006 Stepan Kasal - 1.4.3-5
- Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch)

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .
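
To confirm the update actually landed, the following added example (not part of the Fedora advisory) lists krb5 packages whose version-release is older than the fixed build 1.4.3-5.5 named here. The function names, the simplified version comparison and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list krb5 packages older than the fixed build in this advisory.
FIXED="1.4.3-5.5"   # Version-Release taken from the advisory

# cmp_dotted A B: print -1, 0 or 1 for dot-separated numeric fields.
# Simplification (assumption): not full rpmvercmp; comparison stops at the
# first non-numeric field, such as a dist tag.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        case $fa$fb in *[!0-9]*) break ;; esac
        if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
    done
    echo 0
}

# vr_is_fixed VERSION-RELEASE: status 0 if at or above $FIXED, 1 if older.
vr_is_fixed() {
    ver=${1%%-*}; rel=${1#*-}
    c=$(cmp_dotted "$ver" "${FIXED%%-*}")
    [ "$c" -eq 0 ] && c=$(cmp_dotted "$rel" "${FIXED#*-}")
    [ "$c" -ge 0 ]
}

# audit_krb5: read "name version-release" lines on stdin, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'krb5*'
# and print the krb5 packages that still need 'yum update'.
audit_krb5() {
    while read -r name vr; do
        case $name in krb5*) ;; *) continue ;; esac
        vr_is_fixed "$vr" || echo "$name $vr"
    done
}

# Constructed sample input (not from a real host).
SAMPLE='krb5-libs 1.4.3-5.5
krb5-server 1.4.3-5.4
krb5-workstation 1.4.3-5.1
openssl 0.9.8a-5.4'
printf '%s\n' "$SAMPLE" | audit_krb5
```

Empty output from `audit_krb5` means every krb5 package seen is at or above the fixed build; kadmind and krb5kdc must still be restarted to load the patched code.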

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Severity: critical

Name: krb5
Version: 1.4.3
Release: 5.5
Summary: The Kerberos network authentication system.
