--------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated krb5 packages fix security issues Advisory ID: FLSA:154276 Issue date: 2005-07-24 Product: Red Hat Linux, Fedora Core Keywords: Bugfix CVE Names: CAN-2004-0523 CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772 CAN-2004-0971 CAN-2004-1189 CAN-2005-0468 CAN-2005-0469 --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Topic: Updated Kerberos (krb5) packages that correct multiple security issues are now available. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. Note that some of these issues have already been fixed in Fedora Core 1. Please refer to previous advisories for details. 2. Relevant releases/architectures: Red Hat Linux 7.3 - i386 Red Hat Linux 9 - i386 Fedora Core 1 - i386 3. Problem description: Several buffer overflows were possible for all Kerberos versions up to and including 1.3.3 in the krb5_aname_to_localname library function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0523 to this issue. Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execuate arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues. A double-free bug was also found in the krb524 server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0772 to this issue. An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue. A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1189 to this issue. Additionally a temporary file bug was found in the Kerberos krb5-send-pr program. It is possible that an attacker could create a temporary file that would allow an arbitrary file to be overwritten which the victim has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0971 to this issue. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues. All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get. 5. Bug IDs fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154276 6. RPMs required: Red Hat Linux 7.3: SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/krb5-1.2.4-16.1.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-devel-1.2.4-16.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-libs-1.2.4-16.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-server-1.2.4-16.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-workstation-1.2.4-16.1.legacy.i386.rpm Red Hat Linux 9: SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/krb5-1.2.7-38.3.legacy.src.rpm i386: http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-devel-1.2.7-38.3.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-libs-1.2.7-38.3.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-server-1.2.7-38.3.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-workstation-1.2.7-38.3.legacy.i386.rpm Fedora Core 1: SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/krb5-1.3.4-5.3.legacy.src.rpm i386: http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-devel-1.3.4-5.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-libs-1.3.4-5.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-server-1.3.4-5.3.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-workstation-1.3.4-5.3.legacy.i386.rpm 7. Verification: SHA1 sum Package Name --------------------------------------------------------------------- 4fcc561d7f179fb0672b0f273043c272b790f423 redhat/7.3/updates/i386/krb5-devel-1.2.4-16.1.legacy.i386.rpm 07938a62bd7498733b3e535a381fe18223184eda redhat/7.3/updates/i386/krb5-libs-1.2.4-16.1.legacy.i386.rpm c81a4385ede484d89187d5836d49cacbc5655ee1 redhat/7.3/updates/i386/krb5-server-1.2.4-16.1.legacy.i386.rpm 568b4b641c2b9a54eafd14b4099bc72d49f02137 redhat/7.3/updates/i386/krb5-workstation-1.2.4-16.1.legacy.i386.rpm 4ee83ff2a6f0bd9bdbf0726ba2fd4acf6c5f43cc redhat/7.3/updates/SRPMS/krb5-1.2.4-16.1.legacy.src.rpm 0111aeb1c5946f18e8a48d1d27d8493c919ca936 redhat/9/updates/i386/krb5-devel-1.2.7-38.3.legacy.i386.rpm 35141598dbb9c60e8cd0b3f06b23528ee526bb46 redhat/9/updates/i386/krb5-libs-1.2.7-38.3.legacy.i386.rpm bcaf771e3de01b16e73327cc3643a2ebd4fda6dd redhat/9/updates/i386/krb5-server-1.2.7-38.3.legacy.i386.rpm 4b4b056d4abc0d69c14e7df45fa3b02e76db48fb redhat/9/updates/i386/krb5-workstation-1.2.7-38.3.legacy.i386.rpm ddc2bdafbecf5801a7238187936fee99966efc65 redhat/9/updates/SRPMS/krb5-1.2.7-38.3.legacy.src.rpm 389b8b7b2b59b4363f941e22213be5794e3321a0 fedora/1/updates/i386/krb5-devel-1.3.4-5.3.legacy.i386.rpm f0f7a0e7a002751d9ed19d2c573f9b332759ac00 fedora/1/updates/i386/krb5-libs-1.3.4-5.3.legacy.i386.rpm 8d685627a81c1cc51545e8d43db8c3f2acc4a520 fedora/1/updates/i386/krb5-server-1.3.4-5.3.legacy.i386.rpm 9aed15c515e7e319fe880b064ecc595565db6575 fedora/1/updates/i386/krb5-workstation-1.3.4-5.3.legacy.i386.rpm d8f81d57720d1b4c4fc393778f82d7119aeb209c fedora/1/updates/SRPMS/krb5-1.3.4-5.3.legacy.src.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php You can verify each package with the following command: rpm --checksig -v <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 9. Contact: The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More project details at http://www.fedoralegacy.org ---------------------------------------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature