Skip to navigation

Bug Fix Advisory pam_krb5 bug fix update

Advisory: RHBA-2011:1016-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated pam_krb5 package that fixes various bugs is now available for Red Hat
Enterprise Linux 5.

The pam_krb5 package allows applications which use the Pluggable Authentication
Modules (PAM) framework to perform password-based authentication using Kerberos
5.

This updated pam_krb5 package includes fixes for the following bugs:

* Previously, multiple authentication attempts may have led to a memory leak
when the pam_krb5 module was unloaded. This was caused when the calling
application cleaned up the context it used when interacting with the libpam.
This has been fixed by preventing the module from being unloaded. (BZ#643962)

* An attempt to set a new Kerberos password using the "passwd" command failed
due to a bug which was triggered when the smart card authentication method was
enabled and the card was plugged in. This problem has been fixed and users are
now able to change the Kerberos password. (BZ#713967)

All users of pam_krb5 are advised to upgrade to this updated package, which
resolves these issues.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
pam_krb5-2.2.14-21.el5.src.rpm
File outdated by:  RHBA-2012:0246
    MD5: 0cfb84f1a66af3dd125988597edda2fa
SHA-256: 2aa91b66321aba12e2d1614cb7d0b79be8f9e605b5be407785b4ca34cab4ec85
 
IA-32:
pam_krb5-2.2.14-21.el5.i386.rpm
File outdated by:  RHBA-2012:0246
    MD5: 220d5b00e107c20a841f41c354049e9d
SHA-256: 6ece1283985681d2b1fdc8ef101f1cec2f7b5f7d07336c844a5504180181a274
 
IA-64:
pam_krb5-2.2.14-21.el5.i386.rpm
File outdated by:  RHBA-2012:0246
    MD5: 220d5b00e107c20a841f41c354049e9d
SHA-256: 6ece1283985681d2b1fdc8ef101f1cec2f7b5f7d07336c844a5504180181a274
pam_krb5-2.2.14-21.el5.ia64.rpm
File outdated by:  RHBA-2012:0246
    MD5: 50b4db5946b954e12e1e28562f06ed90
SHA-256: 454d16d5b07e2cdd068057507b6da62a389308926b12eb64ef6d09eb1f36c0a6
 
PPC:
pam_krb5-2.2.14-21.el5.ppc.rpm
File outdated by:  RHBA-2012:0246
    MD5: 2385dad021e68b6a8d9d6e9569dac6b5
SHA-256: 5d0bf8e01f3e01b7be323923a9a8d36b8a5d81034337f9c6262e35e9d73f8ec4
pam_krb5-2.2.14-21.el5.ppc64.rpm
File outdated by:  RHBA-2012:0246
    MD5: a73d14bb58edc4de0410de3d57aa5fdb
SHA-256: 5d2ebe272e999c0c237eac3a9bed388f03b73077eafacf23aab70cdafd1c13a4
 
s390x:
pam_krb5-2.2.14-21.el5.s390.rpm
File outdated by:  RHBA-2012:0246
    MD5: 0fcbbd6ee19d999babeb0863f0d66b59
SHA-256: 72a25c92839678e751827445c816c81970aa204ffc3399e0f462650a313a2aa3
pam_krb5-2.2.14-21.el5.s390x.rpm
File outdated by:  RHBA-2012:0246
    MD5: e1a7d6285ccf8511fcd5f349790010f4
SHA-256: 4d40ec92c2c8530d42f4b7559428f1fa1c33c506456ea2fe31fdad13e700083b
 
x86_64:
pam_krb5-2.2.14-21.el5.i386.rpm
File outdated by:  RHBA-2012:0246
    MD5: 220d5b00e107c20a841f41c354049e9d
SHA-256: 6ece1283985681d2b1fdc8ef101f1cec2f7b5f7d07336c844a5504180181a274
pam_krb5-2.2.14-21.el5.x86_64.rpm
File outdated by:  RHBA-2012:0246
    MD5: a80168801fbc2aa69563e631223b9619
SHA-256: da013ae46cb80c0284375420f4f23112a60509a2847912c523de433303b5f0f4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
pam_krb5-2.2.14-21.el5.src.rpm
File outdated by:  RHBA-2012:0246
    MD5: 0cfb84f1a66af3dd125988597edda2fa
SHA-256: 2aa91b66321aba12e2d1614cb7d0b79be8f9e605b5be407785b4ca34cab4ec85
 
IA-32:
pam_krb5-2.2.14-21.el5.i386.rpm
File outdated by:  RHBA-2012:0246
    MD5: 220d5b00e107c20a841f41c354049e9d
SHA-256: 6ece1283985681d2b1fdc8ef101f1cec2f7b5f7d07336c844a5504180181a274
 
x86_64:
pam_krb5-2.2.14-21.el5.i386.rpm
File outdated by:  RHBA-2012:0246
    MD5: 220d5b00e107c20a841f41c354049e9d
SHA-256: 6ece1283985681d2b1fdc8ef101f1cec2f7b5f7d07336c844a5504180181a274
pam_krb5-2.2.14-21.el5.x86_64.rpm
File outdated by:  RHBA-2012:0246
    MD5: a80168801fbc2aa69563e631223b9619
SHA-256: da013ae46cb80c0284375420f4f23112a60509a2847912c523de433303b5f0f4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

643962 - [NetApp 5.7 bug] Memory leak on PAM for Active Directory users
713967 - Smart card login with Kerberos credential: passwd command does not change the kerberos password.


Keywords

change, initialization, library, memory, password, shared


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/