Security Advisory Important: krb5 security update

Advisory: RHSA-2009:0409-1
Type: Security Advisory
Severity: Important
Issued on: 2009-04-07
Last updated on: 2009-04-07
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20090409.xml
CVEs (cve.mitre.org): CVE-2009-0846

Details

Updated krb5 packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

An input validation flaw was found in the ASN.1 (Abstract Syntax Notation
One) decoder used by MIT Kerberos. A remote attacker could use this flaw to
crash a network service using the MIT Kerberos library, such as kadmind or
krb5kdc, by causing it to dereference or free an uninitialized pointer.
(CVE-2009-0846)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running services using the MIT
Kerberos libraries must be restarted for the update to take effect.
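
The restart requirement above can be checked mechanically. The following is an added example, not part of the advisory: it lists processes that still map a Kerberos library file that has been replaced on disk. The library name pattern, the function names and the sample proc tree are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the advisory): find processes that still map a
# Kerberos library file that was replaced on disk and therefore need a restart.

# Succeeds if the /proc/<pid>/maps text on stdin contains a libkrb5,
# libgssapi_krb5 or libk5crypto mapping whose backing file was unlinked.
stale_krb5_maps() {
    grep -Eq '/lib(krb5|gssapi_krb5|k5crypto)\.so[^ ]* \(deleted\)$' 2>/dev/null
}

# Prints "<pid> <command line>" for every process under the given proc root
# (default /proc) that still runs the pre-update library. Run as root.
list_stale_krb5_procs() {
    local root="${1:-/proc}" maps pid cmd
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_krb5_maps < "$maps"; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            cmd="$(cat "$root/$pid/cmdline" 2>/dev/null | tr '\0' ' ')"
            printf '%s %s\n' "$pid" "${cmd% }"
        fi
    done
}

# Builds a constructed proc tree (sample data, not real output) in $1:
# pid 101 started before the update, pid 202 was restarted after it.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202"
    printf 'krb5kdc\0' > "$1/101/cmdline"
    printf 'kadmind\0-nofork\0' > "$1/202/cmdline"
    cat > "$1/101/maps" <<'EOF'
08048000-0808d000 r-xp 00000000 08:02 412001 /usr/kerberos/sbin/krb5kdc
00a1c000-00a7e000 r-xp 00000000 08:02 130577 /usr/lib/libkrb5.so.3.2 (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
08048000-08060000 r-xp 00000000 08:02 412007 /usr/kerberos/sbin/kadmind
00b30000-00b92000 r-xp 00000000 08:02 130912 /usr/lib/libkrb5.so.3.2
EOF
}

# Demo on the constructed tree; on a real host call list_stale_krb5_procs alone.
sample="$(mktemp -d)"
make_sample_proc "$sample"
list_stale_krb5_procs "$sample"    # reports pid 101 only
rm -rf "$sample"
```

Any process it reports was started before the update and still runs the old decoder until it is restarted.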


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
krb5-1.3.4-60.el4_7.2.src.rpm
File outdated by:  RHBA-2009:0997

IA-32:
krb5-devel-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997

x86_64:
krb5-devel-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
krb5-1.3.4-60.el4_7.2.src.rpm
File outdated by:  RHBA-2009:0997

IA-32:
krb5-devel-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997

IA-64:
krb5-devel-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997

PPC:
krb5-devel-1.3.4-60.el4_7.2.ppc.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.ppc.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.ppc64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.ppc.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.ppc.rpm
File outdated by:  RHBA-2009:0997

s390:
krb5-devel-1.3.4-60.el4_7.2.s390.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.s390.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.s390.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.s390.rpm
File outdated by:  RHBA-2009:0997

s390x:
krb5-devel-1.3.4-60.el4_7.2.s390x.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.s390.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.s390x.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.s390x.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.s390x.rpm
File outdated by:  RHBA-2009:0997

x86_64:
krb5-devel-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
 
Red Hat Enterprise Linux AS (v. 4.7.z)

SRPMS:
krb5-1.3.4-60.el4_7.2.src.rpm
File outdated by:  RHBA-2009:0997

IA-32:
krb5-devel-1.3.4-60.el4_7.2.i386.rpm
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
krb5-server-1.3.4-60.el4_7.2.i386.rpm
krb5-workstation-1.3.4-60.el4_7.2.i386.rpm

IA-64:
krb5-devel-1.3.4-60.el4_7.2.ia64.rpm
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
krb5-libs-1.3.4-60.el4_7.2.ia64.rpm
krb5-server-1.3.4-60.el4_7.2.ia64.rpm
krb5-workstation-1.3.4-60.el4_7.2.ia64.rpm

PPC:
krb5-devel-1.3.4-60.el4_7.2.ppc.rpm
krb5-libs-1.3.4-60.el4_7.2.ppc.rpm
krb5-libs-1.3.4-60.el4_7.2.ppc64.rpm
krb5-server-1.3.4-60.el4_7.2.ppc.rpm
krb5-workstation-1.3.4-60.el4_7.2.ppc.rpm

s390:
krb5-devel-1.3.4-60.el4_7.2.s390.rpm
krb5-libs-1.3.4-60.el4_7.2.s390.rpm
krb5-server-1.3.4-60.el4_7.2.s390.rpm
krb5-workstation-1.3.4-60.el4_7.2.s390.rpm

s390x:
krb5-devel-1.3.4-60.el4_7.2.s390x.rpm
krb5-libs-1.3.4-60.el4_7.2.s390.rpm
krb5-libs-1.3.4-60.el4_7.2.s390x.rpm
krb5-server-1.3.4-60.el4_7.2.s390x.rpm
krb5-workstation-1.3.4-60.el4_7.2.s390x.rpm

x86_64:
krb5-devel-1.3.4-60.el4_7.2.x86_64.rpm
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
krb5-libs-1.3.4-60.el4_7.2.x86_64.rpm
krb5-server-1.3.4-60.el4_7.2.x86_64.rpm
krb5-workstation-1.3.4-60.el4_7.2.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
krb5-1.3.4-60.el4_7.2.src.rpm
File outdated by:  RHBA-2009:0997

IA-32:
krb5-devel-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997

IA-64:
krb5-devel-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997

x86_64:
krb5-devel-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
 
Red Hat Enterprise Linux ES (v. 4.7.z)

SRPMS:
krb5-1.3.4-60.el4_7.2.src.rpm
File outdated by:  RHBA-2009:0997

IA-32:
krb5-devel-1.3.4-60.el4_7.2.i386.rpm
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
krb5-server-1.3.4-60.el4_7.2.i386.rpm
krb5-workstation-1.3.4-60.el4_7.2.i386.rpm

IA-64:
krb5-devel-1.3.4-60.el4_7.2.ia64.rpm
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
krb5-libs-1.3.4-60.el4_7.2.ia64.rpm
krb5-server-1.3.4-60.el4_7.2.ia64.rpm
krb5-workstation-1.3.4-60.el4_7.2.ia64.rpm

x86_64:
krb5-devel-1.3.4-60.el4_7.2.x86_64.rpm
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
krb5-libs-1.3.4-60.el4_7.2.x86_64.rpm
krb5-server-1.3.4-60.el4_7.2.x86_64.rpm
krb5-workstation-1.3.4-60.el4_7.2.x86_64.rpm
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
krb5-1.3.4-60.el4_7.2.src.rpm
File outdated by:  RHBA-2009:0997

IA-32:
krb5-devel-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997

IA-64:
krb5-devel-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.ia64.rpm
File outdated by:  RHBA-2009:0997

x86_64:
krb5-devel-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.i386.rpm
File outdated by:  RHBA-2009:0997
krb5-libs-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-server-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
krb5-workstation-1.3.4-60.el4_7.2.x86_64.rpm
File outdated by:  RHBA-2009:0997
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

491036 - CVE-2009-0846 krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002)



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/