Security Advisory Moderate: krb5 security update

Advisory: RHSA-2014:1255-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-09-17
Last updated on: 2014-09-17
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2014-4345

Details

Updated krb5 packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Kerberos is an authentication system which allows clients and services to
authenticate to each other with the help of a trusted third party, a
Kerberos Key Distribution Center (KDC).

A buffer overflow was found in the KADM5 administration server (kadmind)
when it was used with an LDAP back end for the KDC database. A remote,
authenticated attacker could potentially use this flaw to execute arbitrary
code on the system running kadmind. (CVE-2014-4345)

All krb5 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the krb5kdc and kadmind daemons will be restarted
automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
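
As an added example (not part of Red Hat's advisory), the following Python checks a host's package inventory against the fixed build named in this advisory, krb5 1.6.1-80.el5_11. It assumes the input was collected on a RHEL 5 host with `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'`. The sample inventory, the function names and the result keys are constructed for illustration, and the version comparison is a simplified form of RPM's ordering.

```python
import re

# Fixed version and release, taken from the package names in this advisory.
FIXED_VERSION, FIXED_RELEASE = "1.6.1", "80.el5_11"
# krb5 binary package names listed in this advisory.
KRB5_PKGS = {"krb5-libs", "krb5-devel", "krb5-debuginfo",
             "krb5-server", "krb5-server-ldap", "krb5-workstation"}

def rpmvercmp(a, b):
    """Simplified RPM version compare (no epoch or tilde): -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_lines):
    """List krb5 packages older than the fixed build and flag LDAP back-end hosts."""
    outdated, installed = [], set()
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in KRB5_PKGS:
            continue
        name, ver, rel, arch = parts
        installed.add(name)
        order = rpmvercmp(ver, FIXED_VERSION) or rpmvercmp(rel, FIXED_RELEASE)
        if order < 0:
            outdated.append(f"{name}-{ver}-{rel}.{arch}")
    # Heuristic (assumption): krb5-server-ldap being installed suggests kadmind
    # may use an LDAP back end; it does not prove the back end is configured.
    priority = bool(outdated) and "krb5-server-ldap" in installed
    return {"outdated": outdated, "kadmind_ldap_priority": priority}

# Constructed sample inventory; the 78.el5 release is made up for the example.
SAMPLE = """\
krb5-libs 1.6.1 80.el5_11 x86_64
krb5-server 1.6.1 78.el5 x86_64
krb5-server-ldap 1.6.1 78.el5 x86_64
openssl 0.9.8e 27.el5_10.1 x86_64
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
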

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
krb5-1.6.1-80.el5_11.src.rpm

IA-32:
krb5-debuginfo-1.6.1-80.el5_11.i386.rpm
krb5-devel-1.6.1-80.el5_11.i386.rpm
krb5-server-1.6.1-80.el5_11.i386.rpm
krb5-server-ldap-1.6.1-80.el5_11.i386.rpm

x86_64:
krb5-debuginfo-1.6.1-80.el5_11.i386.rpm
krb5-debuginfo-1.6.1-80.el5_11.x86_64.rpm
krb5-devel-1.6.1-80.el5_11.i386.rpm
krb5-devel-1.6.1-80.el5_11.x86_64.rpm
krb5-server-1.6.1-80.el5_11.x86_64.rpm
krb5-server-ldap-1.6.1-80.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
krb5-1.6.1-80.el5_11.src.rpm

IA-32:
krb5-debuginfo-1.6.1-80.el5_11.i386.rpm
krb5-devel-1.6.1-80.el5_11.i386.rpm
krb5-libs-1.6.1-80.el5_11.i386.rpm
krb5-server-1.6.1-80.el5_11.i386.rpm
krb5-server-ldap-1.6.1-80.el5_11.i386.rpm
krb5-workstation-1.6.1-80.el5_11.i386.rpm

IA-64:
krb5-debuginfo-1.6.1-80.el5_11.i386.rpm
krb5-debuginfo-1.6.1-80.el5_11.ia64.rpm
krb5-devel-1.6.1-80.el5_11.ia64.rpm
krb5-libs-1.6.1-80.el5_11.i386.rpm
krb5-libs-1.6.1-80.el5_11.ia64.rpm
krb5-server-1.6.1-80.el5_11.ia64.rpm
krb5-server-ldap-1.6.1-80.el5_11.ia64.rpm
krb5-workstation-1.6.1-80.el5_11.ia64.rpm

PPC:
krb5-debuginfo-1.6.1-80.el5_11.ppc.rpm
krb5-debuginfo-1.6.1-80.el5_11.ppc64.rpm
krb5-devel-1.6.1-80.el5_11.ppc.rpm
krb5-devel-1.6.1-80.el5_11.ppc64.rpm
krb5-libs-1.6.1-80.el5_11.ppc.rpm
krb5-libs-1.6.1-80.el5_11.ppc64.rpm
krb5-server-1.6.1-80.el5_11.ppc.rpm
krb5-server-ldap-1.6.1-80.el5_11.ppc.rpm
krb5-workstation-1.6.1-80.el5_11.ppc.rpm

s390x:
krb5-debuginfo-1.6.1-80.el5_11.s390.rpm
krb5-debuginfo-1.6.1-80.el5_11.s390x.rpm
krb5-devel-1.6.1-80.el5_11.s390.rpm
krb5-devel-1.6.1-80.el5_11.s390x.rpm
krb5-libs-1.6.1-80.el5_11.s390.rpm
krb5-libs-1.6.1-80.el5_11.s390x.rpm
krb5-server-1.6.1-80.el5_11.s390x.rpm
krb5-server-ldap-1.6.1-80.el5_11.s390x.rpm
krb5-workstation-1.6.1-80.el5_11.s390x.rpm

x86_64:
krb5-debuginfo-1.6.1-80.el5_11.i386.rpm
krb5-debuginfo-1.6.1-80.el5_11.x86_64.rpm
krb5-devel-1.6.1-80.el5_11.i386.rpm
krb5-devel-1.6.1-80.el5_11.x86_64.rpm
krb5-libs-1.6.1-80.el5_11.i386.rpm
krb5-libs-1.6.1-80.el5_11.x86_64.rpm
krb5-server-1.6.1-80.el5_11.x86_64.rpm
krb5-server-ldap-1.6.1-80.el5_11.x86_64.rpm
krb5-workstation-1.6.1-80.el5_11.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
krb5-1.6.1-80.el5_11.src.rpm

IA-32:
krb5-debuginfo-1.6.1-80.el5_11.i386.rpm
krb5-libs-1.6.1-80.el5_11.i386.rpm
krb5-workstation-1.6.1-80.el5_11.i386.rpm

x86_64:
krb5-debuginfo-1.6.1-80.el5_11.i386.rpm
krb5-debuginfo-1.6.1-80.el5_11.x86_64.rpm
krb5-libs-1.6.1-80.el5_11.i386.rpm
krb5-libs-1.6.1-80.el5_11.x86_64.rpm
krb5-workstation-1.6.1-80.el5_11.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/