
Bug Fix Advisory: krb5 bug fix and enhancement update

Advisory: RHBA-2011:1031-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated krb5 packages that fix multiple bugs and add one enhancement are now
available for Red Hat Enterprise Linux 5.

Kerberos is a network authentication system which allows clients and servers to
authenticate to each other with the help of a trusted third party, a KDC.

This update fixes the following bugs:

* Prior to this update, the lock on the realm database could, under certain
circumstances, fail to be released. Due to this problem, the lock could not be
acquired until the clearing process was stopped or restarted. With this update,
the realm database is successfully locked. (BZ#586032)

* Prior to this update, the Kerberos-aware FTP server did not parse the
"restrict" keyword correctly when it was used in /etc/ftpusers. This update
modifies the code so that the server parses the "restrict" keyword correctly.
(BZ#644215)

* Prior to this update, the Kerberos-aware FTP client did not correctly display
the size of a transferred file on 32-bit systems if the size of the file
exceeded 4GB. This update modifies the type of the variable used to track the
number of bytes transferred. (BZ#648404)

* Prior to this update, the client libraries failed, under certain
circumstances, to parse an error reply message from the server when trying to
change passwords. With this update, the client library can parse the message and
correctly returns the reported error to its caller. (BZ#658871)

* Prior to this update, Kerberos-aware servers leaked memory when replay caching
was disabled. This update modifies the code so that no more memory leaks occur.
(BZ#678205)

* Prior to this update, the SELinux label was not maintained for replay cache
files when expired entries were expunged. With this update, the SELinux label of
the replay cache files is maintained in such a case. (BZ#712453)

This update also adds the following enhancement:

* Prior to this update, the Kerberos-aware FTP client was not able to parse user
commands if the length of the command exceeded the limit of 500 characters. This
update allows the Kerberos-aware FTP client to parse user commands without a
character limit. (BZ#665833)

All Kerberos users are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259/

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
krb5-devel-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-server-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-server-ldap-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
 
x86_64:
krb5-devel-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-devel-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
krb5-server-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
krb5-server-ldap-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
 
Red Hat Enterprise Linux (v. 5 server)

IA-32:
krb5-devel-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-server-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-server-ldap-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-workstation-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
 
IA-64:
krb5-devel-1.6.1-62.el5.ia64.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.ia64.rpm
File outdated by:  RHSA-2013:0942
krb5-server-1.6.1-62.el5.ia64.rpm
File outdated by:  RHSA-2013:0942
krb5-server-ldap-1.6.1-62.el5.ia64.rpm
File outdated by:  RHSA-2013:0942
krb5-workstation-1.6.1-62.el5.ia64.rpm
File outdated by:  RHSA-2013:0942
 
PPC:
krb5-devel-1.6.1-62.el5.ppc.rpm
File outdated by:  RHSA-2013:0942
krb5-devel-1.6.1-62.el5.ppc64.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.ppc.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.ppc64.rpm
File outdated by:  RHSA-2013:0942
krb5-server-1.6.1-62.el5.ppc.rpm
File outdated by:  RHSA-2013:0942
krb5-server-ldap-1.6.1-62.el5.ppc.rpm
File outdated by:  RHSA-2013:0942
krb5-workstation-1.6.1-62.el5.ppc.rpm
File outdated by:  RHSA-2013:0942
 
s390x:
krb5-devel-1.6.1-62.el5.s390.rpm
File outdated by:  RHSA-2013:0942
krb5-devel-1.6.1-62.el5.s390x.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.s390.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.s390x.rpm
File outdated by:  RHSA-2013:0942
krb5-server-1.6.1-62.el5.s390x.rpm
File outdated by:  RHSA-2013:0942
krb5-server-ldap-1.6.1-62.el5.s390x.rpm
File outdated by:  RHSA-2013:0942
krb5-workstation-1.6.1-62.el5.s390x.rpm
File outdated by:  RHSA-2013:0942
 
x86_64:
krb5-devel-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-devel-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
krb5-server-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
krb5-server-ldap-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
krb5-workstation-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
 
Red Hat Enterprise Linux Desktop (v. 5 client)

IA-32:
krb5-libs-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-workstation-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
 
x86_64:
krb5-libs-1.6.1-62.el5.i386.rpm
File outdated by:  RHSA-2013:0942
krb5-libs-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
krb5-workstation-1.6.1-62.el5.x86_64.rpm
File outdated by:  RHSA-2013:0942
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

586032 - kadmind fails to lock db during password change: Cannot lock database
644215 - krb5ftpd off by one error when reading /etc/ftpusers for restricted users
648404 - Kerberos ftp shows wrong transferred bytes when transferring a file in size of more than 4GiB.
658871 - krb5-lib wrongly considers KRB5KRB_AP_ERR_REPEAT error from MS AD as correct application reply leading to wrong error "Requested protocol version not supported"
712453 - application linked to krb5-libs creates /var/tmp/host_0 with wrong selinux context


Keywords

Kerberos, krb5


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/