- Issued:
- 2007-06-11
- Updated:
- 2007-06-11
RHBA-2007:0435 - Bug Fix Advisory
Synopsis
krb5 bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated krb5 packages are now available.
Description
Kerberos V5 is a trusted-third-party network authentication system, which
can improve your network's security by eliminating the insecure practice of
cleartext passwords.
When receiving encrypted credentials from a KDC, the Kerberos IV library
incorrectly calculated the skew between the client's system clock and that
on the KDC, resulting in occasional false error reports in cases where
authentication had actually succeeded.
Users should upgrade to these updated packages, which resolve this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 193750 - krb4 : Time is out of bounds when storing the time diff into unsigned int32
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.