- Issued: 2006-03-15
- Updated: 2006-03-15
RHEA-2006:0080 - Product Enhancement Advisory
Synopsis
krb5 enhancement update
Type/Severity
Product Enhancement Advisory
Topic
Updated krb5-workstation packages that correctly transfer large files
using rcp, handle login passwords more than eight characters long, and
reduce potential stalls in the rsh client and server are now available.
Description
Kerberos 5 is a networked authentication system in which clients and
servers authenticate to each other using symmetric keys and a trusted third
party.
The krb5-workstation package contains modified versions of the standard
rsh, rcp, and telnet clients and servers which make use of Kerberos for
authentication and which optionally provide encryption of data which is
sent over the network.
In situations where the rsh client and server are both attempting to send
large amounts of data over the network at the same time, it is possible for
both processes to block while waiting for the other to receive data.
In situations where the file being copied by rcp was larger than 2GB in
size, it would not be transferred correctly.
When falling back to password-based authentication, login would incorrectly
compute the hash of a user's password if it was more than eight characters
long and deny access.
The ksu application was previously installed without the setuid bit set.
Binaries were mistakenly being stripped of debugging information too early
during the package creation process, leaving no useful information for
inclusion in the krb5-debuginfo package.
Users are advised to upgrade to these updated packages, which incorporate
changes which resolve or reduce the likelihood of these occurrences.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 149476 - Telnet Daemon provided by krb5-workstation does not process logins with passwords longer than 8 Characters
- BZ - 165032 - kerberized rcp can't copy files over 2GB
- BZ - 171680 - -debuginfo packages useless because make install strips
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.