Security Advisory: krb5 security update

Advisory: RHSA-2005:045-13
Type: Security Advisory
Severity: Moderate
Issued on: 2005-02-15
Last updated on: 2005-02-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-1189

Details

Updated Kerberos (krb5) packages that correct a buffer overflow bug are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

A heap-based buffer overflow bug was found in the administration library of
Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote
attacker to execute arbitrary commands on a realm's master Kerberos KDC.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1189 to this issue.

All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
krb5-1.3.4-10.src.rpm     d6d9c9ec9e80975fa043edcfe302c0dc
 
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    0cffdea74c77bf39d41ee5ea93976f01
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    627d3c67962cd3410fa410543a849116
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
krb5-1.3.4-10.src.rpm     d6d9c9ec9e80975fa043edcfe302c0dc
 
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    0cffdea74c77bf39d41ee5ea93976f01
 
IA-64:
krb5-devel-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    14ecc7c0ece19e49b7cc6bd7c5858949
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    fdd4eed7c2481af9d3ffb2d41c3f07f9
krb5-server-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    5d6d33738eb5a7ab0063a72ce3adc94c
krb5-workstation-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    03038d68414e227a70916fa8355ef7e9
 
PPC:
krb5-devel-1.3.4-10.ppc.rpm
File outdated by:  RHBA-2009:0997
    d0adec45ee8e0a5bda3b97f6f68a5199
krb5-libs-1.3.4-10.ppc.rpm
File outdated by:  RHBA-2009:0997
    16790be4051537f2656459da6a37067c
krb5-libs-1.3.4-10.ppc64.rpm
File outdated by:  RHBA-2009:0997
    896c76f83d8f4234e926709d806f6254
krb5-server-1.3.4-10.ppc.rpm
File outdated by:  RHBA-2009:0997
    b2fd65dbd28b0ec275f4a37c86f557d7
krb5-workstation-1.3.4-10.ppc.rpm
File outdated by:  RHBA-2009:0997
    c1b37834a125fad0ae9f3f4cf9d17ae0
 
s390:
krb5-devel-1.3.4-10.s390.rpm
File outdated by:  RHBA-2009:0997
    567fe5f87682f08910e9771eb90036dd
krb5-libs-1.3.4-10.s390.rpm
File outdated by:  RHBA-2009:0997
    c42bbb32fceaca6aae6ba4a42f821245
krb5-server-1.3.4-10.s390.rpm
File outdated by:  RHBA-2009:0997
    04d67d9043a1e7ac33e00caeaed7b880
krb5-workstation-1.3.4-10.s390.rpm
File outdated by:  RHBA-2009:0997
    2669caea6f3d4b583e2a85dd3e1b9c03
 
s390x:
krb5-devel-1.3.4-10.s390x.rpm
File outdated by:  RHBA-2009:0997
    96192adee5cd4cc22aacede6d1622700
krb5-libs-1.3.4-10.s390.rpm
File outdated by:  RHBA-2009:0997
    c42bbb32fceaca6aae6ba4a42f821245
krb5-libs-1.3.4-10.s390x.rpm
File outdated by:  RHBA-2009:0997
    dabae34a4365ed7506965c0f225bb640
krb5-server-1.3.4-10.s390x.rpm
File outdated by:  RHBA-2009:0997
    ab19809471f301094225c850e6a46024
krb5-workstation-1.3.4-10.s390x.rpm
File outdated by:  RHBA-2009:0997
    5d685ebb30c8889f86171dd7c16d6606
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    627d3c67962cd3410fa410543a849116
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
krb5-1.3.4-10.src.rpm     d6d9c9ec9e80975fa043edcfe302c0dc
 
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    0cffdea74c77bf39d41ee5ea93976f01
 
IA-64:
krb5-devel-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    14ecc7c0ece19e49b7cc6bd7c5858949
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    fdd4eed7c2481af9d3ffb2d41c3f07f9
krb5-server-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    5d6d33738eb5a7ab0063a72ce3adc94c
krb5-workstation-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    03038d68414e227a70916fa8355ef7e9
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    627d3c67962cd3410fa410543a849116
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
krb5-1.3.4-10.src.rpm     d6d9c9ec9e80975fa043edcfe302c0dc
 
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    0cffdea74c77bf39d41ee5ea93976f01
 
IA-64:
krb5-devel-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    14ecc7c0ece19e49b7cc6bd7c5858949
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    fdd4eed7c2481af9d3ffb2d41c3f07f9
krb5-server-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    5d6d33738eb5a7ab0063a72ce3adc94c
krb5-workstation-1.3.4-10.ia64.rpm
File outdated by:  RHBA-2009:0997
    03038d68414e227a70916fa8355ef7e9
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHBA-2009:0997
    840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHBA-2009:0997
    627d3c67962cd3410fa410543a849116
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

139235 - krsh problem
144196 - CAN-2004-1189 buffer overflow in krb5


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/