MDKSA-2004:056 - Updated krb5 packages fix buffer overflow vulnerabilities
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: krb5
Advisory ID: MDKSA-2004:056
Date: June 3rd, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
Multiple buffer overflows exist in the krb5_aname_to_localname()
library function that, if exploited, could lead to unauthorized root
privileges. To exploit this flaw, an attacker must first successfully
authenticate to a vulnerable service, and that service must be
configured to enable the explicit mapping or rules-based mapping
functionality of krb5_aname_to_localname(), which is not a default
configuration.

Mandrakesoft encourages all users to upgrade to these patched krb5
packages.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Linux Mandrake Security Team <security linux-mandrake.com>