- Issued:
- 2007-11-15
- Updated:
- 2007-11-15
RHEA-2007:0788 - Product Enhancement Advisory
Synopsis
krb5 bug fix and enhancement update
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated krb5 packages that fix various bugs and add enhancements are now
available.
Description
Kerberos is a trusted-third-party authentication system that allows
clients and servers to authenticate to each other using symmetric-key
encryption.
These updated packages fix the following bugs:
- the Kerberos FTP client leaked file descriptors when it failed to
download a file, causing sockets to be left open. Multiple failed attempts
increased the number of open sockets. In these updated packages the
Kerberos FTP client no longer leaks file descriptors.
- when the "runique" option is enabled in the Kerberos FTP client,
downloading multiple files using mget and a wildcard (ie "mget *") failed.
In these updated packages mget works correctly with "runique" enabled.
- the behavior of the "srvtab" keytab type was not consistent with the
"file" keytab type. Scanning keytabs and srvtabs that did not exist using
the "klist -k -t FILE:/tmp/does-not-exist" and "klist -k -t
SRVTAB:/tmp/does-not-exist" commands reported inconsistent errors. The
behavior of the "srvtab" keytab type is more consistent with the "file"
keytab type in these updated packages.
- a memory leak in credential caching has been resolved.
- missing white spaces caused words to run together in the kinit man page.
Words are correctly spaced in these updated packages.
- when kpasswd is run by a user who does not have a valid credential
cache, kpasswd fails with a "kpasswd: Bad format in credentials cache
getting principal from ccache" error. In these updated packages if a user
does not have a valid credential cache, kpasswd will convert the users UID
to a username and append the default realm name.
This update also adds the following enhancements:
- the Kerberos-aware rsh, rlogin, ftp, and telnet servers now use PAM to
perform session management. This allows process limits to be set using the
pam_limits.so module.
- time periods specified without any units are now treated as a number of
seconds rather than an invalid value. For example, the "kinit -l 3600"
command requests a ticket with a lifetime of 3600 seconds.
- services can now use keys with a version number of "0". This improves
compatibility with Microsoft Windows Server 2003 Domain Controllers.
All krb5 users are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 190104 - ftp leaks socket fds when it fails to open a file
- BZ - 190106 - ftp client: runique on stops mget from working
- BZ - 195923 - Backport from RHEL5: krb5-workstation's klogind needsto be pamified
- BZ - 197062 - kinit man page is missing some white spaces
- BZ - 197522 - Kerberos maximum ticket lifetime is 1 day
- BZ - 216649 - Memory leak in credential caching.
- BZ - 236896 - kpasswd insists on a valid credentials cache and doesn't use the UID
- BZ - 241806 - incorporate fixup for "any" keytab type
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
krb5-1.3.4-54.src.rpm | SHA-256: 9c239900b67a067a4924ed81ca19822ff54362f0ba172cb1e1987c7fb7c17ff6 |
x86_64 | |
krb5-devel-1.3.4-54.x86_64.rpm | SHA-256: ab5985f9f1edfabccf05c87979e40a5f4bf92550502e5016c9e60297d4340f27 |
krb5-devel-1.3.4-54.x86_64.rpm | SHA-256: ab5985f9f1edfabccf05c87979e40a5f4bf92550502e5016c9e60297d4340f27 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.x86_64.rpm | SHA-256: b07a4428cfa1ee8b0012ec437858aae7075c30caf95bea201c59942130c39810 |
krb5-libs-1.3.4-54.x86_64.rpm | SHA-256: b07a4428cfa1ee8b0012ec437858aae7075c30caf95bea201c59942130c39810 |
krb5-server-1.3.4-54.x86_64.rpm | SHA-256: b40f634f90e1a978b00c0714b76be2cea6ecc8262d6bfdfd4d50335ae8866b84 |
krb5-server-1.3.4-54.x86_64.rpm | SHA-256: b40f634f90e1a978b00c0714b76be2cea6ecc8262d6bfdfd4d50335ae8866b84 |
krb5-workstation-1.3.4-54.x86_64.rpm | SHA-256: 8345c6c6b92392aea57e922a5d086c5aa285f46e89ff662c43730106282b68a6 |
krb5-workstation-1.3.4-54.x86_64.rpm | SHA-256: 8345c6c6b92392aea57e922a5d086c5aa285f46e89ff662c43730106282b68a6 |
ia64 | |
krb5-devel-1.3.4-54.ia64.rpm | SHA-256: aeb7864b422c2df185c17094390c773d0e8bc65de25a9b12174f1feab1a569dd |
krb5-devel-1.3.4-54.ia64.rpm | SHA-256: aeb7864b422c2df185c17094390c773d0e8bc65de25a9b12174f1feab1a569dd |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.ia64.rpm | SHA-256: 740badfd58734f21a06c3f732aecabbf983f285634a4760c15e6fa0ce9a48083 |
krb5-libs-1.3.4-54.ia64.rpm | SHA-256: 740badfd58734f21a06c3f732aecabbf983f285634a4760c15e6fa0ce9a48083 |
krb5-server-1.3.4-54.ia64.rpm | SHA-256: 52b809918fc15ad4b827e71ef410a34e9215a9af5804e9bf06a4544e400700a4 |
krb5-server-1.3.4-54.ia64.rpm | SHA-256: 52b809918fc15ad4b827e71ef410a34e9215a9af5804e9bf06a4544e400700a4 |
krb5-workstation-1.3.4-54.ia64.rpm | SHA-256: b91458b4d8e2bfc3043ea61d519d6e9e4dcef782ec65a823cc1948a9e67ad480 |
krb5-workstation-1.3.4-54.ia64.rpm | SHA-256: b91458b4d8e2bfc3043ea61d519d6e9e4dcef782ec65a823cc1948a9e67ad480 |
i386 | |
krb5-devel-1.3.4-54.i386.rpm | SHA-256: 2f64f8b311d794783ac87bfcdb2472af1e4363fdf8df81d40528ddbc82d09fa0 |
krb5-devel-1.3.4-54.i386.rpm | SHA-256: 2f64f8b311d794783ac87bfcdb2472af1e4363fdf8df81d40528ddbc82d09fa0 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-server-1.3.4-54.i386.rpm | SHA-256: 8e429184785fc5e6d8c039390c811366fd25bdb292f6aabdb7d7427f7d12732f |
krb5-server-1.3.4-54.i386.rpm | SHA-256: 8e429184785fc5e6d8c039390c811366fd25bdb292f6aabdb7d7427f7d12732f |
krb5-workstation-1.3.4-54.i386.rpm | SHA-256: a821b5ec859e22732ac68367605e95149b43fef4efb30a66a7dfcffdd7ea01d5 |
krb5-workstation-1.3.4-54.i386.rpm | SHA-256: a821b5ec859e22732ac68367605e95149b43fef4efb30a66a7dfcffdd7ea01d5 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
krb5-1.3.4-54.src.rpm | SHA-256: 9c239900b67a067a4924ed81ca19822ff54362f0ba172cb1e1987c7fb7c17ff6 |
x86_64 | |
krb5-devel-1.3.4-54.x86_64.rpm | SHA-256: ab5985f9f1edfabccf05c87979e40a5f4bf92550502e5016c9e60297d4340f27 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.x86_64.rpm | SHA-256: b07a4428cfa1ee8b0012ec437858aae7075c30caf95bea201c59942130c39810 |
krb5-server-1.3.4-54.x86_64.rpm | SHA-256: b40f634f90e1a978b00c0714b76be2cea6ecc8262d6bfdfd4d50335ae8866b84 |
krb5-workstation-1.3.4-54.x86_64.rpm | SHA-256: 8345c6c6b92392aea57e922a5d086c5aa285f46e89ff662c43730106282b68a6 |
ia64 | |
krb5-devel-1.3.4-54.ia64.rpm | SHA-256: aeb7864b422c2df185c17094390c773d0e8bc65de25a9b12174f1feab1a569dd |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.ia64.rpm | SHA-256: 740badfd58734f21a06c3f732aecabbf983f285634a4760c15e6fa0ce9a48083 |
krb5-server-1.3.4-54.ia64.rpm | SHA-256: 52b809918fc15ad4b827e71ef410a34e9215a9af5804e9bf06a4544e400700a4 |
krb5-workstation-1.3.4-54.ia64.rpm | SHA-256: b91458b4d8e2bfc3043ea61d519d6e9e4dcef782ec65a823cc1948a9e67ad480 |
i386 | |
krb5-devel-1.3.4-54.i386.rpm | SHA-256: 2f64f8b311d794783ac87bfcdb2472af1e4363fdf8df81d40528ddbc82d09fa0 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-server-1.3.4-54.i386.rpm | SHA-256: 8e429184785fc5e6d8c039390c811366fd25bdb292f6aabdb7d7427f7d12732f |
krb5-workstation-1.3.4-54.i386.rpm | SHA-256: a821b5ec859e22732ac68367605e95149b43fef4efb30a66a7dfcffdd7ea01d5 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
krb5-1.3.4-54.src.rpm | SHA-256: 9c239900b67a067a4924ed81ca19822ff54362f0ba172cb1e1987c7fb7c17ff6 |
x86_64 | |
krb5-devel-1.3.4-54.x86_64.rpm | SHA-256: ab5985f9f1edfabccf05c87979e40a5f4bf92550502e5016c9e60297d4340f27 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-libs-1.3.4-54.x86_64.rpm | SHA-256: b07a4428cfa1ee8b0012ec437858aae7075c30caf95bea201c59942130c39810 |
krb5-server-1.3.4-54.x86_64.rpm | SHA-256: b40f634f90e1a978b00c0714b76be2cea6ecc8262d6bfdfd4d50335ae8866b84 |
krb5-workstation-1.3.4-54.x86_64.rpm | SHA-256: 8345c6c6b92392aea57e922a5d086c5aa285f46e89ff662c43730106282b68a6 |
i386 | |
krb5-devel-1.3.4-54.i386.rpm | SHA-256: 2f64f8b311d794783ac87bfcdb2472af1e4363fdf8df81d40528ddbc82d09fa0 |
krb5-libs-1.3.4-54.i386.rpm | SHA-256: 38e135ddc4a711bc6263f3a0febf3cb680a96008fcf40d5c7f6b8f642c3cef60 |
krb5-server-1.3.4-54.i386.rpm | SHA-256: 8e429184785fc5e6d8c039390c811366fd25bdb292f6aabdb7d7427f7d12732f |
krb5-workstation-1.3.4-54.i386.rpm | SHA-256: a821b5ec859e22732ac68367605e95149b43fef4efb30a66a7dfcffdd7ea01d5 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
krb5-1.3.4-54.src.rpm | SHA-256: 9c239900b67a067a4924ed81ca19822ff54362f0ba172cb1e1987c7fb7c17ff6 |
s390x | |
krb5-devel-1.3.4-54.s390x.rpm | SHA-256: 39943564b59072a0247126ab8f797844704b364fc0c48797abd8f7f2eba0661f |
krb5-libs-1.3.4-54.s390.rpm | SHA-256: 427e15df4dcd28456439f17d0b27e334a970bfbb5c361985c4a20dee8ff6588f |
krb5-libs-1.3.4-54.s390x.rpm | SHA-256: 3917112c1577d35c9b397a4977c341a4f6986f1a36a3f726f6ef66bd9c4de9a6 |
krb5-server-1.3.4-54.s390x.rpm | SHA-256: 14711b425d8407b0d6db1d07dff314189db99bc73ec028f3c18c91f4a8a824d7 |
krb5-workstation-1.3.4-54.s390x.rpm | SHA-256: 50fa66b6ad27804d56efc02f23f7e88660b1b0a8193ce931c508c368c93f322b |
s390 | |
krb5-devel-1.3.4-54.s390.rpm | SHA-256: c09eebd4ccb281fa0bd0fdc4b51bfeeee6f40724b1d6a81141b90cce429aed68 |
krb5-libs-1.3.4-54.s390.rpm | SHA-256: 427e15df4dcd28456439f17d0b27e334a970bfbb5c361985c4a20dee8ff6588f |
krb5-server-1.3.4-54.s390.rpm | SHA-256: 7a00c11001f04f471e825f3aa0a94a0ca2e36cbdba7e56871c20c9fd13a3b79b |
krb5-workstation-1.3.4-54.s390.rpm | SHA-256: 8093aa176fcda9e4aa3d623d62a7127615b225ff52618a1bff09377bf4404bc2 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
krb5-1.3.4-54.src.rpm | SHA-256: 9c239900b67a067a4924ed81ca19822ff54362f0ba172cb1e1987c7fb7c17ff6 |
ppc | |
krb5-devel-1.3.4-54.ppc.rpm | SHA-256: 9a0e44ff5771a1f240513156302e39dc2cd00a0f264cbe89ac489cde7ad43479 |
krb5-libs-1.3.4-54.ppc.rpm | SHA-256: acd956f95b66084242bbdf4176eec003ea03126c38bae1fc1fb07a3a39b14a6e |
krb5-libs-1.3.4-54.ppc64.rpm | SHA-256: de505e0f64ecd1f5ddd80c3eccbd87831fb094fc7ab16fc11d103f97056c2262 |
krb5-server-1.3.4-54.ppc.rpm | SHA-256: 9f774c8776abd9fa8d3e86fda05410c375f7ce5a0627a3dd1d7709211e28683d |
krb5-workstation-1.3.4-54.ppc.rpm | SHA-256: 5c1f7c76d23635eba30501634e192f04d4862f314610644eabd002db960f6ff1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.