- Issued:
- 2009-05-18
- Updated:
- 2009-05-18
RHBA-2009:0997 - Bug Fix Advisory
Synopsis
krb5 bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated krb5 packages that resolve several issues are now available.
Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through the use of symmetric
encryption and a trusted third party: the Key Distribution Center (KDC).
These updated krb5 packages provide fixes for the following bugs:
- a user with an expired password who logged in to the system using the
Kerberos-aware telnet protocol was correctly prompted to change their
password. However, it was then possible for that user to change their
password to a new but insecure password such as "aaa". With this update,
the Pluggable Authentication Modules (PAM) system enforces quality checks
on passwords which are changed over the Kerberos-aware telnet protocol,
thus solving this potential problem.
- attempting to log in to a remote host using the rlogin command failed
when the user's password was expired. With this update, users are able to
log in successfully to the system with rlogin and change their expired
password.
- when copying data to a full NFS directory, rcp failed silently and did
not report an error, which led to silent data loss. With this update, rcp
does report an error under this condition.
- PAM modules use PAM_RHOST, PAM_USER and PAM_SERVICE, among other items,
as factors when making access control decisions. However, certain Kerberos
utilities did not correctly set the item which PAM modules read when
determining from which host a remote connection was being attempted. This
has been corrected in this update so that the necessary Kerberos utilities
set PAM items correctly and appropriately, which is needed for a
PAM-enabled Kerberos 5.
All users of krb5 are advised to upgrade to these updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 461900 - rcp does not return ENOSPC error on full NFS-File system
- BZ - 479082 - user can set insecure password using PAMified telnet
- BZ - 479083 - can not login with rlogin as an user with expired password
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
krb5-1.3.4-62.el4.src.rpm | SHA-256: 9e22b6056ba490d4838f2bf3de2057c6fa0ae0051b73485dc3d2c3c72dc39773 |
x86_64 | |
krb5-devel-1.3.4-62.el4.x86_64.rpm | SHA-256: 5ec65910787350739c741697d0b4586f5a03d63557f9309f1750ddb84f6c6086 |
krb5-devel-1.3.4-62.el4.x86_64.rpm | SHA-256: 5ec65910787350739c741697d0b4586f5a03d63557f9309f1750ddb84f6c6086 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.x86_64.rpm | SHA-256: 2e117be74157fd753e4cf593def8d29f6dfb064ba95f4a944a921a118870b069 |
krb5-libs-1.3.4-62.el4.x86_64.rpm | SHA-256: 2e117be74157fd753e4cf593def8d29f6dfb064ba95f4a944a921a118870b069 |
krb5-server-1.3.4-62.el4.x86_64.rpm | SHA-256: 353791ea520a3f38194738722017e8b20a7a07bc22731f37950211c3dc45979f |
krb5-server-1.3.4-62.el4.x86_64.rpm | SHA-256: 353791ea520a3f38194738722017e8b20a7a07bc22731f37950211c3dc45979f |
krb5-workstation-1.3.4-62.el4.x86_64.rpm | SHA-256: 4c5b6f95abb5bc6b8b6d3abe84ceb8c908349dc36d759515046e4dea6e6810e1 |
krb5-workstation-1.3.4-62.el4.x86_64.rpm | SHA-256: 4c5b6f95abb5bc6b8b6d3abe84ceb8c908349dc36d759515046e4dea6e6810e1 |
ia64 | |
krb5-devel-1.3.4-62.el4.ia64.rpm | SHA-256: b5cd2078e2e82467dc6622dcfdded48a16d34a091a13a908a861ba88bf35df93 |
krb5-devel-1.3.4-62.el4.ia64.rpm | SHA-256: b5cd2078e2e82467dc6622dcfdded48a16d34a091a13a908a861ba88bf35df93 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.ia64.rpm | SHA-256: 23bafaf6197df826e031f8bb2a0876bf8e640db51ec7a7629ede8e54424f0ca7 |
krb5-libs-1.3.4-62.el4.ia64.rpm | SHA-256: 23bafaf6197df826e031f8bb2a0876bf8e640db51ec7a7629ede8e54424f0ca7 |
krb5-server-1.3.4-62.el4.ia64.rpm | SHA-256: ca07edabc2b47aaa4e55617a07eeb274d7383c420397dbf9dfed3058f29bd7d7 |
krb5-server-1.3.4-62.el4.ia64.rpm | SHA-256: ca07edabc2b47aaa4e55617a07eeb274d7383c420397dbf9dfed3058f29bd7d7 |
krb5-workstation-1.3.4-62.el4.ia64.rpm | SHA-256: 1248ba9299646e0fcf0c90c7429df83383f09be1ad4019818abe6fbeb982f1fb |
krb5-workstation-1.3.4-62.el4.ia64.rpm | SHA-256: 1248ba9299646e0fcf0c90c7429df83383f09be1ad4019818abe6fbeb982f1fb |
i386 | |
krb5-devel-1.3.4-62.el4.i386.rpm | SHA-256: 728ef68fbceb43ded2483a5be27bf344ec83a2ecdabd7864c7eb4a2738810960 |
krb5-devel-1.3.4-62.el4.i386.rpm | SHA-256: 728ef68fbceb43ded2483a5be27bf344ec83a2ecdabd7864c7eb4a2738810960 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-server-1.3.4-62.el4.i386.rpm | SHA-256: 0f94ed7dc17a2b2420390bdd84047f523edc57a6015c54f0514c19d1a3777691 |
krb5-server-1.3.4-62.el4.i386.rpm | SHA-256: 0f94ed7dc17a2b2420390bdd84047f523edc57a6015c54f0514c19d1a3777691 |
krb5-workstation-1.3.4-62.el4.i386.rpm | SHA-256: 7e8d17993bcbedf208b02841b64948e7dcec59c8dd2556671e2cfb0df7de9fe3 |
krb5-workstation-1.3.4-62.el4.i386.rpm | SHA-256: 7e8d17993bcbedf208b02841b64948e7dcec59c8dd2556671e2cfb0df7de9fe3 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
krb5-1.3.4-62.el4.src.rpm | SHA-256: 9e22b6056ba490d4838f2bf3de2057c6fa0ae0051b73485dc3d2c3c72dc39773 |
x86_64 | |
krb5-devel-1.3.4-62.el4.x86_64.rpm | SHA-256: 5ec65910787350739c741697d0b4586f5a03d63557f9309f1750ddb84f6c6086 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.x86_64.rpm | SHA-256: 2e117be74157fd753e4cf593def8d29f6dfb064ba95f4a944a921a118870b069 |
krb5-server-1.3.4-62.el4.x86_64.rpm | SHA-256: 353791ea520a3f38194738722017e8b20a7a07bc22731f37950211c3dc45979f |
krb5-workstation-1.3.4-62.el4.x86_64.rpm | SHA-256: 4c5b6f95abb5bc6b8b6d3abe84ceb8c908349dc36d759515046e4dea6e6810e1 |
ia64 | |
krb5-devel-1.3.4-62.el4.ia64.rpm | SHA-256: b5cd2078e2e82467dc6622dcfdded48a16d34a091a13a908a861ba88bf35df93 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.ia64.rpm | SHA-256: 23bafaf6197df826e031f8bb2a0876bf8e640db51ec7a7629ede8e54424f0ca7 |
krb5-server-1.3.4-62.el4.ia64.rpm | SHA-256: ca07edabc2b47aaa4e55617a07eeb274d7383c420397dbf9dfed3058f29bd7d7 |
krb5-workstation-1.3.4-62.el4.ia64.rpm | SHA-256: 1248ba9299646e0fcf0c90c7429df83383f09be1ad4019818abe6fbeb982f1fb |
i386 | |
krb5-devel-1.3.4-62.el4.i386.rpm | SHA-256: 728ef68fbceb43ded2483a5be27bf344ec83a2ecdabd7864c7eb4a2738810960 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-server-1.3.4-62.el4.i386.rpm | SHA-256: 0f94ed7dc17a2b2420390bdd84047f523edc57a6015c54f0514c19d1a3777691 |
krb5-workstation-1.3.4-62.el4.i386.rpm | SHA-256: 7e8d17993bcbedf208b02841b64948e7dcec59c8dd2556671e2cfb0df7de9fe3 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
krb5-1.3.4-62.el4.src.rpm | SHA-256: 9e22b6056ba490d4838f2bf3de2057c6fa0ae0051b73485dc3d2c3c72dc39773 |
x86_64 | |
krb5-devel-1.3.4-62.el4.x86_64.rpm | SHA-256: 5ec65910787350739c741697d0b4586f5a03d63557f9309f1750ddb84f6c6086 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-libs-1.3.4-62.el4.x86_64.rpm | SHA-256: 2e117be74157fd753e4cf593def8d29f6dfb064ba95f4a944a921a118870b069 |
krb5-server-1.3.4-62.el4.x86_64.rpm | SHA-256: 353791ea520a3f38194738722017e8b20a7a07bc22731f37950211c3dc45979f |
krb5-workstation-1.3.4-62.el4.x86_64.rpm | SHA-256: 4c5b6f95abb5bc6b8b6d3abe84ceb8c908349dc36d759515046e4dea6e6810e1 |
i386 | |
krb5-devel-1.3.4-62.el4.i386.rpm | SHA-256: 728ef68fbceb43ded2483a5be27bf344ec83a2ecdabd7864c7eb4a2738810960 |
krb5-libs-1.3.4-62.el4.i386.rpm | SHA-256: ca48fc33675180e57b2f1feaf5a388cbdba5d31e978f0565b75c1814fef6348c |
krb5-server-1.3.4-62.el4.i386.rpm | SHA-256: 0f94ed7dc17a2b2420390bdd84047f523edc57a6015c54f0514c19d1a3777691 |
krb5-workstation-1.3.4-62.el4.i386.rpm | SHA-256: 7e8d17993bcbedf208b02841b64948e7dcec59c8dd2556671e2cfb0df7de9fe3 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
krb5-1.3.4-62.el4.src.rpm | SHA-256: 9e22b6056ba490d4838f2bf3de2057c6fa0ae0051b73485dc3d2c3c72dc39773 |
s390x | |
krb5-devel-1.3.4-62.el4.s390x.rpm | SHA-256: 1874fe2300c9ab159ebd29ef290b8e30fb9c5dbedabe5c5ad810145cb9b2ea84 |
krb5-libs-1.3.4-62.el4.s390.rpm | SHA-256: 344d9df534bc3d792d199bf9638c8ed69d661a248e8592453bf011d0321acaf4 |
krb5-libs-1.3.4-62.el4.s390x.rpm | SHA-256: 8bf4b932a3ba4f27960b6cd43f464c8c7d15ee474b4b17f5e5f63c1ff202c2e1 |
krb5-server-1.3.4-62.el4.s390x.rpm | SHA-256: 0a32629f5716eed8517887e38c7b19569a9a54a9877018b4f6848842451d65bd |
krb5-workstation-1.3.4-62.el4.s390x.rpm | SHA-256: 6cf36f7b7d0a83d0d41ced79099ff345c6445aa213549f038d0d9f333a21e073 |
s390 | |
krb5-devel-1.3.4-62.el4.s390.rpm | SHA-256: cd8e8f090ccbf1f7e7527389e4c7d3cbb38c37931b7d4154439af063d1c1257d |
krb5-libs-1.3.4-62.el4.s390.rpm | SHA-256: 344d9df534bc3d792d199bf9638c8ed69d661a248e8592453bf011d0321acaf4 |
krb5-server-1.3.4-62.el4.s390.rpm | SHA-256: f681f3fb02d2ce53d11293f72d3c8220c556f424bae849bb8455e0f4b8e20e33 |
krb5-workstation-1.3.4-62.el4.s390.rpm | SHA-256: 98e369bc34cdfa6a3550469092638bb66dcdbac2bfd4eae6b46e58639d1dcbe0 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
krb5-1.3.4-62.el4.src.rpm | SHA-256: 9e22b6056ba490d4838f2bf3de2057c6fa0ae0051b73485dc3d2c3c72dc39773 |
ppc | |
krb5-devel-1.3.4-62.el4.ppc.rpm | SHA-256: 41bef4b71e6c03de275479f6fc0946b2bce2eb2c7e899dfc9ff470cf0e494891 |
krb5-libs-1.3.4-62.el4.ppc.rpm | SHA-256: 71126174cf8aa1684b594ef11d7b9a27ab792f3c0bf71046cba65a719e2b144c |
krb5-libs-1.3.4-62.el4.ppc64.rpm | SHA-256: f7f120160777671097d6b548b9ca0ca5182f6a9abcff2629f5e5572bb035bee7 |
krb5-server-1.3.4-62.el4.ppc.rpm | SHA-256: 684bf22e3d4f5a9e7f620bfc8e4b7d52aea9914e021477c2d3d9a04f9339a5e6 |
krb5-workstation-1.3.4-62.el4.ppc.rpm | SHA-256: b7cd56f7620603d879d5cc423b16e97d3a40e7530a85d91e0c706573d6b6ab08 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.