Bug Fix Advisory: krb5 bug fix update

Advisory: RHBA-2008:0714-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2008-07-24
Last updated on: 2008-07-24
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A

Details

Updated krb5 packages that fix several bugs are now available.

Kerberos is a network authentication system, which allows clients and
servers to authenticate to each other through the use of symmetric
encryption and a trusted third party: the Key Distribution Center (KDC).

These updated packages fix the following bugs:

* the krb5 init scripts returned certain error codes that did not comply
with guidelines for various causes of failure. In these updated packages,
the init scripts have been updated to more closely conform to
distribution-wide guidelines.

* when a calling application supplied a zero-length password, and a
callback function to the krb5_get_init_creds_password() function, libkrb5
provided that callback function with a zero-length buffer in which to place
answers to any questions being asked. This may have denied users SSH access
if sshd was running with the "PermitEmptyPasswords yes" option configured
in "/etc/ssh/sshd_config". These updated packages include a backported fix
to resolve this issue.

* when replying to an AS request, the KDC incorrectly reported the client's
account expiration time, instead of the client's password expiration time,
frequently causing the client application to display an erroneous warning
to the user.

* due to a packaging error, RPM verification failed. RPM incorrectly
flagged, as a possible problem, that the contents of the "/etc/krb5.conf"
configuration file had changed, despite such changes being both expected
and normal.

Users of krb5 are advised to upgrade to these updated packages, which
resolve these issues.
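
The following is an added example, not part of the advisory or of Red Hat's packaging. It models how the exclusion named in the title of bug 327521, %verify(not md5 size mtime), changes what an "rpm -V" integrity check reports: content edits to "/etc/krb5.conf" stop being flagged, while mode or ownership changes and changes to other files still are. The sample output and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: model how a %verify(not md5 size mtime) exclusion changes
# what `rpm -V` reports. Attribute letters in rpm -V output:
#   S size, M mode, 5 MD5 digest, D device, L symlink, U user, G group, T mtime

# Constructed sample of `rpm -V` output (not captured from a real host).
sample_verify_output() {
cat <<'EOF'
S.5....T c /etc/krb5.conf
.M...U.. c /var/kerberos/krb5kdc/kdc.conf
S.5....T   /usr/kerberos/bin/kinit
EOF
}

# remaining_failures FLAGS IGNORED
# Print the failed-attribute letters left after dropping passed checks (".")
# and the letters listed in IGNORED.
remaining_failures() {
    printf '%s' "$1" | tr -d ".$2"
}

# filter_verify EXEMPT_PATH IGNORED < rpm-V-output
# Apply IGNORED only to EXEMPT_PATH; every other file keeps all checks.
# Paths containing spaces are not handled.
filter_verify() {
    exempt_path=$1
    ignored=$2
    while read -r flags rest; do
        path=${rest##* }                      # last field is the path
        if [ "$flags" = "missing" ]; then     # deleted files are always reported
            echo "missing $path"
            continue
        fi
        if [ "$path" = "$exempt_path" ]; then
            left=$(remaining_failures "$flags" "$ignored")
        else
            left=$(remaining_failures "$flags" "")
        fi
        [ -n "$left" ] && echo "$left $path"
    done
    return 0
}

# Edits to krb5.conf content are expected; the other two lines still surface.
sample_verify_output | filter_verify /etc/krb5.conf S5T
```

On a real host the input would come from "rpm -V krb5-libs krb5-server krb5-workstation" instead of the constructed sample.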


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
krb5-1.3.4-60.el4.src.rpm     96660d4d6d092119f784e57be8de98e0
 
IA-32:
krb5-devel-1.3.4-60.el4.i386.rpm     5bbb02066d87359de1799a226ece9f5d
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-server-1.3.4-60.el4.i386.rpm     45f98fe3fa4a359b43df07532294c8d6
krb5-workstation-1.3.4-60.el4.i386.rpm     84f9d9b6331e422eb3aeb775f5064b83
 
x86_64:
krb5-devel-1.3.4-60.el4.x86_64.rpm     f82969e7db6ea9ec0369064b85cb4828
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-libs-1.3.4-60.el4.x86_64.rpm     d86368666270583600676c7ad5d4538b
krb5-server-1.3.4-60.el4.x86_64.rpm     57b4ae3de3374e97df874b99d07a1c35
krb5-workstation-1.3.4-60.el4.x86_64.rpm     80e1173df41e1ab71dd67acbb0dcddbe
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
krb5-1.3.4-60.el4.src.rpm     96660d4d6d092119f784e57be8de98e0
 
IA-32:
krb5-devel-1.3.4-60.el4.i386.rpm     5bbb02066d87359de1799a226ece9f5d
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-server-1.3.4-60.el4.i386.rpm     45f98fe3fa4a359b43df07532294c8d6
krb5-workstation-1.3.4-60.el4.i386.rpm     84f9d9b6331e422eb3aeb775f5064b83
 
IA-64:
krb5-devel-1.3.4-60.el4.ia64.rpm     7bf14489cac0c0c73539ba329fd92ccc
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-libs-1.3.4-60.el4.ia64.rpm     e9b1b9bee4c4284478a88041b9b17a22
krb5-server-1.3.4-60.el4.ia64.rpm     092d578fbee225a9eda8a7a7b866b3b0
krb5-workstation-1.3.4-60.el4.ia64.rpm     b648a45e013f6a0eae4b58f9abd2cf88
 
PPC:
krb5-devel-1.3.4-60.el4.ppc.rpm     ae441330495ebd62d4a0e97f392c2a26
krb5-libs-1.3.4-60.el4.ppc.rpm     9c089f71d1ca1e0bb3abb28b3e293537
krb5-libs-1.3.4-60.el4.ppc64.rpm     2bc073229e6e288037a484d87884e035
krb5-server-1.3.4-60.el4.ppc.rpm     b0ad4fe82965fdda1cde3be5c29f062d
krb5-workstation-1.3.4-60.el4.ppc.rpm     db20045e7c53eed130397848bb7a64f0
 
s390:
krb5-devel-1.3.4-60.el4.s390.rpm     5e50bfb2823b5900328900d1f18359fc
krb5-libs-1.3.4-60.el4.s390.rpm     0ce6a7cd57ae459ab9cac45eb26ef5ce
krb5-server-1.3.4-60.el4.s390.rpm     ee9f0389bd379b8c5c1d9d79424b5911
krb5-workstation-1.3.4-60.el4.s390.rpm     18b3eb5df6b0b2d0c28e79cee96a1401
 
s390x:
krb5-devel-1.3.4-60.el4.s390x.rpm     50fd1d07176b981c4be2d027a2eb7715
krb5-libs-1.3.4-60.el4.s390.rpm     0ce6a7cd57ae459ab9cac45eb26ef5ce
krb5-libs-1.3.4-60.el4.s390x.rpm     f727e028f53b1f28575d31261e4f0fb2
krb5-server-1.3.4-60.el4.s390x.rpm     55e831b607dd05fb9dd01beacb9c7184
krb5-workstation-1.3.4-60.el4.s390x.rpm     77debf77c57a53a01d95ae05f5155622
 
x86_64:
krb5-devel-1.3.4-60.el4.x86_64.rpm     f82969e7db6ea9ec0369064b85cb4828
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-libs-1.3.4-60.el4.x86_64.rpm     d86368666270583600676c7ad5d4538b
krb5-server-1.3.4-60.el4.x86_64.rpm     57b4ae3de3374e97df874b99d07a1c35
krb5-workstation-1.3.4-60.el4.x86_64.rpm     80e1173df41e1ab71dd67acbb0dcddbe
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
krb5-1.3.4-60.el4.src.rpm     96660d4d6d092119f784e57be8de98e0
 
IA-32:
krb5-devel-1.3.4-60.el4.i386.rpm     5bbb02066d87359de1799a226ece9f5d
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-server-1.3.4-60.el4.i386.rpm     45f98fe3fa4a359b43df07532294c8d6
krb5-workstation-1.3.4-60.el4.i386.rpm     84f9d9b6331e422eb3aeb775f5064b83
 
IA-64:
krb5-devel-1.3.4-60.el4.ia64.rpm     7bf14489cac0c0c73539ba329fd92ccc
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-libs-1.3.4-60.el4.ia64.rpm     e9b1b9bee4c4284478a88041b9b17a22
krb5-server-1.3.4-60.el4.ia64.rpm     092d578fbee225a9eda8a7a7b866b3b0
krb5-workstation-1.3.4-60.el4.ia64.rpm     b648a45e013f6a0eae4b58f9abd2cf88
 
x86_64:
krb5-devel-1.3.4-60.el4.x86_64.rpm     f82969e7db6ea9ec0369064b85cb4828
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-libs-1.3.4-60.el4.x86_64.rpm     d86368666270583600676c7ad5d4538b
krb5-server-1.3.4-60.el4.x86_64.rpm     57b4ae3de3374e97df874b99d07a1c35
krb5-workstation-1.3.4-60.el4.x86_64.rpm     80e1173df41e1ab71dd67acbb0dcddbe
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
krb5-1.3.4-60.el4.src.rpm     96660d4d6d092119f784e57be8de98e0
 
IA-32:
krb5-devel-1.3.4-60.el4.i386.rpm     5bbb02066d87359de1799a226ece9f5d
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-server-1.3.4-60.el4.i386.rpm     45f98fe3fa4a359b43df07532294c8d6
krb5-workstation-1.3.4-60.el4.i386.rpm     84f9d9b6331e422eb3aeb775f5064b83
 
IA-64:
krb5-devel-1.3.4-60.el4.ia64.rpm     7bf14489cac0c0c73539ba329fd92ccc
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-libs-1.3.4-60.el4.ia64.rpm     e9b1b9bee4c4284478a88041b9b17a22
krb5-server-1.3.4-60.el4.ia64.rpm     092d578fbee225a9eda8a7a7b866b3b0
krb5-workstation-1.3.4-60.el4.ia64.rpm     b648a45e013f6a0eae4b58f9abd2cf88
 
x86_64:
krb5-devel-1.3.4-60.el4.x86_64.rpm     f82969e7db6ea9ec0369064b85cb4828
krb5-libs-1.3.4-60.el4.i386.rpm     d7079bb954d75c9da9879641b734491f
krb5-libs-1.3.4-60.el4.x86_64.rpm     d86368666270583600676c7ad5d4538b
krb5-server-1.3.4-60.el4.x86_64.rpm     57b4ae3de3374e97df874b99d07a1c35
krb5-workstation-1.3.4-60.el4.x86_64.rpm     80e1173df41e1ab71dd67acbb0dcddbe
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

242501 - Wrong init script
244645 - Problem for ssh for kerberos users with PermitEmptyPasswords yes
327521 - Rpm Verify Fails - krb5.conf needs %verify(not md5 size mtime) in %config
442772 - ftp case directive botches mget when mixed case filenames exit


Keywords

expiration, init, prompt, verify


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/