Skip to navigation

Bug Fix Advisory krb5 bug fix update

Advisory: RHBA-2010:0560-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2010-07-26
Last updated on: 2010-07-26
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Kerberos is a trusted-third-party authentication system in which allows clients
and servers to authenticate to each other using symmetric encryption and the
trusted third party, the KDC.

The krb5-workstation includes a utility, ksu, which can be used to grant
privileged shell access to unprivileged users using Kerberos authentication. It
can also be used to grant access to shells running as unprivileged users.

These updated packages resolve the following issues:

* ksu used perform PAM account and session management for the target user after
switching to the privileges of the target user. As a result, if that user did
not have sufficient privileges, some modules which PAM could be configured to
use would not function properly.This update performs PAM account and session
management before assuming the privileges of the target user, fixing these bugs.
(BZ#602967 and BZ#615261)

Users of krb5-workstation are advised to upgrade to these updated packages,
which resolve these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
krb5-1.6.1-36.el5_5.5.src.rpm
File outdated by:  RHSA-2013:0942
    MD5: d311849ebdcb8da6c8e1a1b3d2ca41fd
SHA-256: 4538aa43635447b7ff7309f69ee4d5f8114636cb90eb9ba910b5a8bff4095a53
 
IA-32:
krb5-devel-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 524efaf532f62a35e7bdf976ea2762de
SHA-256: 54eb916371cd509ecf48dc6ac74cda48ee06f55b06a1c83926e7c524f64e2fe0
krb5-server-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: de2f64d71e872d576d15ddf540204f68
SHA-256: 545d373f69c19fb353e5394246801204eb293bd5af41f58c4fca00d72cfdcc71
 
x86_64:
krb5-devel-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 524efaf532f62a35e7bdf976ea2762de
SHA-256: 54eb916371cd509ecf48dc6ac74cda48ee06f55b06a1c83926e7c524f64e2fe0
krb5-devel-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 9c074c65c4b3c32e75dbc799d1b7defe
SHA-256: 51ed21242597bcf0a8b9bbab67ce6006fe3b8fbdb602dc12c7c814a8f053bfca
krb5-server-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: e2ca61f9322666dfe4c27eea126a02ab
SHA-256: dfc532e5194a1b74245ee25a223f7c792b42e49786bbb62fa5f482ca94b51f0c
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
krb5-1.6.1-36.el5_5.5.src.rpm
File outdated by:  RHSA-2013:0942
    MD5: d311849ebdcb8da6c8e1a1b3d2ca41fd
SHA-256: 4538aa43635447b7ff7309f69ee4d5f8114636cb90eb9ba910b5a8bff4095a53
 
IA-32:
krb5-devel-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 524efaf532f62a35e7bdf976ea2762de
SHA-256: 54eb916371cd509ecf48dc6ac74cda48ee06f55b06a1c83926e7c524f64e2fe0
krb5-libs-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: b8f4a98ae83db9994955021dce6ee9aa
SHA-256: c3aef6d6858cd750cba782dc696875f8f60ea2e63cf7ebb6a9e504e518b3dae5
krb5-server-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: de2f64d71e872d576d15ddf540204f68
SHA-256: 545d373f69c19fb353e5394246801204eb293bd5af41f58c4fca00d72cfdcc71
krb5-workstation-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: ba8c95c6f06a4c5c80fe86c336c774c6
SHA-256: 7e14e3c2bd0a31df6a84bc662ef48c468024ab8dd09c292daf0d66d60601dd62
 
IA-64:
krb5-devel-1.6.1-36.el5_5.5.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: a1d0125c3a0528b08e22199ce93a4e6c
SHA-256: 9a902c25f2e5caec00d295b752ca3b2d061e0ff6c743ebb481830f0b22c72fc2
krb5-libs-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: b8f4a98ae83db9994955021dce6ee9aa
SHA-256: c3aef6d6858cd750cba782dc696875f8f60ea2e63cf7ebb6a9e504e518b3dae5
krb5-libs-1.6.1-36.el5_5.5.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 6bcd3087ffcdc23096ba1c7990066822
SHA-256: 77299e9a34d4cdeed39011f759eac03d03cb62068a39a093843159cc9ad84825
krb5-server-1.6.1-36.el5_5.5.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: a92b68b5a70a8284672bf566442a7b57
SHA-256: ada6e40c19adc31a329b46fb4cc878738d2c9f3a85f432c3a8c901e401318ba4
krb5-workstation-1.6.1-36.el5_5.5.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 6ad8709139f60c6947321e03770886ba
SHA-256: 510a83c18c04c077681b1df38b62d0c109f340593f33cbd57dcf8a8471ef8dcb
 
PPC:
krb5-devel-1.6.1-36.el5_5.5.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: 633165c7633e974131a401663ac3a192
SHA-256: 01a78d3329868b7718a951e5fd8b964c1b0edce43915ff330be819d064d04f98
krb5-devel-1.6.1-36.el5_5.5.ppc64.rpm
File outdated by:  RHSA-2013:0942
    MD5: ed7139f92f8e692e0cf4053113e73cac
SHA-256: 128f066458fbb70958b8dc8da75881ac2f8a8a768da9ac753acf0d5461994e7a
krb5-libs-1.6.1-36.el5_5.5.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: b9e2295fc774ae692c9e43d816b9ef3a
SHA-256: 9a07706e852ee65f54c59ff57b534a2064f5c536ae9562fe6325560dbfcecb3b
krb5-libs-1.6.1-36.el5_5.5.ppc64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 59c19e35a360874d9ef20fd3f5e4bae0
SHA-256: de5c31bad62e29921662c8d2b34ae665e7a5a1d1af309e3e99840be84004a82c
krb5-server-1.6.1-36.el5_5.5.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: 041faa9e62bd9a5d21ea2087d7528361
SHA-256: f66ad98f2b8fc5947e0308fba92091fbdcac0365699d67137c80f38829a00e65
krb5-workstation-1.6.1-36.el5_5.5.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: 3aa4489f43c673f75d3b0f2055cc8236
SHA-256: e2f1b02b7d0d49139119adf466088ed90f2defd9ca06d4a16140a7520e531dbb
 
s390x:
krb5-devel-1.6.1-36.el5_5.5.s390.rpm
File outdated by:  RHSA-2013:0942
    MD5: 4d53cf749907991894b4dadc760d574d
SHA-256: 1482dde20bf75449dd87c8cffb657dbf7097c70ae49e1eccbe391998e205e856
krb5-devel-1.6.1-36.el5_5.5.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: 3efced45c97ed72544e28a304ef16e1a
SHA-256: d0b75922f0797aaf77bf6e2cf03cfc6b330bf0b6a5f141aad41e5c7734a9c4f6
krb5-libs-1.6.1-36.el5_5.5.s390.rpm
File outdated by:  RHSA-2013:0942
    MD5: d3ec5196321cd991efed4ebae0bf455d
SHA-256: d0be7f67ad208ab513172808802383d1ab15c489905943c304a78acf768bb104
krb5-libs-1.6.1-36.el5_5.5.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: b9fb2533856943ec57c8653ba4e5cec2
SHA-256: 420fce59c66d8ac1221f493fd987c8573284d530ff461696783286b7d6a403d0
krb5-server-1.6.1-36.el5_5.5.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: 27068fc69ea27f244046e794d365e2c6
SHA-256: 8cb6204e67552bf7867929de90270977c9b49354d7f38479ec29f314925d80ab
krb5-workstation-1.6.1-36.el5_5.5.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: c118d638872f3e162aadbfc6704b03c5
SHA-256: 09b9ab6cb536ff0bc3b8e3611753698324184d4b1c6f164bd91be4fcd908015e
 
x86_64:
krb5-devel-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 524efaf532f62a35e7bdf976ea2762de
SHA-256: 54eb916371cd509ecf48dc6ac74cda48ee06f55b06a1c83926e7c524f64e2fe0
krb5-devel-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 9c074c65c4b3c32e75dbc799d1b7defe
SHA-256: 51ed21242597bcf0a8b9bbab67ce6006fe3b8fbdb602dc12c7c814a8f053bfca
krb5-libs-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: b8f4a98ae83db9994955021dce6ee9aa
SHA-256: c3aef6d6858cd750cba782dc696875f8f60ea2e63cf7ebb6a9e504e518b3dae5
krb5-libs-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: b6b684792b7741a305c9a5419de31ef5
SHA-256: e4135f3c7ec45b970e6ee22671b69f5c2b48b93d789afe388e8c47cdb4f2cf51
krb5-server-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: e2ca61f9322666dfe4c27eea126a02ab
SHA-256: dfc532e5194a1b74245ee25a223f7c792b42e49786bbb62fa5f482ca94b51f0c
krb5-workstation-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 457e28d83746aad6bf7a2b06c9fb9ee0
SHA-256: 9b8a5d8e1124a036943854387afc71cae2e03df46c4b8ee200f7adf61be7cdfa
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
krb5-1.6.1-36.el5_5.5.src.rpm
File outdated by:  RHSA-2013:0942
    MD5: d311849ebdcb8da6c8e1a1b3d2ca41fd
SHA-256: 4538aa43635447b7ff7309f69ee4d5f8114636cb90eb9ba910b5a8bff4095a53
 
IA-32:
krb5-libs-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: b8f4a98ae83db9994955021dce6ee9aa
SHA-256: c3aef6d6858cd750cba782dc696875f8f60ea2e63cf7ebb6a9e504e518b3dae5
krb5-workstation-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: ba8c95c6f06a4c5c80fe86c336c774c6
SHA-256: 7e14e3c2bd0a31df6a84bc662ef48c468024ab8dd09c292daf0d66d60601dd62
 
x86_64:
krb5-libs-1.6.1-36.el5_5.5.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: b8f4a98ae83db9994955021dce6ee9aa
SHA-256: c3aef6d6858cd750cba782dc696875f8f60ea2e63cf7ebb6a9e504e518b3dae5
krb5-libs-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: b6b684792b7741a305c9a5419de31ef5
SHA-256: e4135f3c7ec45b970e6ee22671b69f5c2b48b93d789afe388e8c47cdb4f2cf51
krb5-workstation-1.6.1-36.el5_5.5.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 457e28d83746aad6bf7a2b06c9fb9ee0
SHA-256: 9b8a5d8e1124a036943854387afc71cae2e03df46c4b8ee200f7adf61be7cdfa
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

602967 - ksu with pam occasionally fails
615261 - [RHEL 5.5?] /etc/security/access.conf must be 444 for ksu to function properly


Keywords

krb5, ksu, pam


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/