Skip to navigation

Security Advisory Important: krb5 security update

Advisory: RHSA-2007:0892-2
Type: Security Advisory
Severity: Important
Issued on: 2007-09-07
Last updated on: 2007-09-07
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-4743

Details

Updated krb5 packages that correct a security flaw are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC. kadmind is the KADM5 administration
server.

The MIT Kerberos Team discovered a problem with the originally published
patch for svc_auth_gss.c (CVE-2007-3999). A remote unauthenticated
attacker who can access kadmind could trigger this flaw and cause kadmind
to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this
flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.
(CVE-2007-4743)

This issue did not affect the versions of Kerberos distributed with Red
Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which
contain a corrected backported fix for this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
krb5-1.5-29.src.rpm
File outdated by:  RHSA-2013:0942
    MD5: 825ddbdc5d0d34099fc4ad64d36f4319
 
IA-32:
krb5-devel-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: bf248e6abade39c2ecaa8243566b6cc7
krb5-server-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: d5218610f15e702055e6cb3bc34397dc
 
x86_64:
krb5-devel-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: bf248e6abade39c2ecaa8243566b6cc7
krb5-devel-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 891392dc7551dc50ea8dc2b5f2bca601
krb5-server-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: e4fff97ed9a00cb8771a58292bb48f06
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
krb5-1.5-29.src.rpm
File outdated by:  RHSA-2013:0942
    MD5: 825ddbdc5d0d34099fc4ad64d36f4319
 
IA-32:
krb5-devel-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: bf248e6abade39c2ecaa8243566b6cc7
krb5-libs-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 00fd7d19bdfb7206bc203e7320250761
krb5-server-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: d5218610f15e702055e6cb3bc34397dc
krb5-workstation-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 3ef36114368f3cbd86e062c07271948c
 
IA-64:
krb5-devel-1.5-29.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 30bf7d79eddef0731ba4e24cf5b8c741
krb5-libs-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 00fd7d19bdfb7206bc203e7320250761
krb5-libs-1.5-29.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: af876b898ae7ac055ec340fa7356a9e0
krb5-server-1.5-29.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: a725ad3b4aa57a14759bb0970433180e
krb5-workstation-1.5-29.ia64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 887a69b951556747567a5dc626a13ecf
 
PPC:
krb5-devel-1.5-29.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: 4165e2b7aa9153668a199781ecba6d19
krb5-devel-1.5-29.ppc64.rpm
File outdated by:  RHSA-2013:0942
    MD5: cfca3e64c19bae40f0ecab452649ec31
krb5-libs-1.5-29.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: f366aa3cec08f584c88767cfa6612206
krb5-libs-1.5-29.ppc64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 851aef665207ae0ad32ef7b0532aad7d
krb5-server-1.5-29.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: 27f30dfe5a9759a9a4358c3b04f038f5
krb5-workstation-1.5-29.ppc.rpm
File outdated by:  RHSA-2013:0942
    MD5: da64453a2cd7040eb79a967a1f633b47
 
s390x:
krb5-devel-1.5-29.s390.rpm
File outdated by:  RHSA-2013:0942
    MD5: ef30b93ebdb3be79c2967195fc05857a
krb5-devel-1.5-29.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: 6cbf3138061196eae451d90333f5dc1b
krb5-libs-1.5-29.s390.rpm
File outdated by:  RHSA-2013:0942
    MD5: f0c64ed436eb6af72084e148eaf07a1c
krb5-libs-1.5-29.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: 5218436ecb5a97de43f96585e76d3776
krb5-server-1.5-29.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: d53dfdf1222dc096a228a73a49e3a361
krb5-workstation-1.5-29.s390x.rpm
File outdated by:  RHSA-2013:0942
    MD5: 14e97979433df3744f68e4f0058f482a
 
x86_64:
krb5-devel-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: bf248e6abade39c2ecaa8243566b6cc7
krb5-devel-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: 891392dc7551dc50ea8dc2b5f2bca601
krb5-libs-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 00fd7d19bdfb7206bc203e7320250761
krb5-libs-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: c164118f540ee1bac62d882fe9dec19f
krb5-server-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: e4fff97ed9a00cb8771a58292bb48f06
krb5-workstation-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: de907c36f79439aaa445ae73c5582fce
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
krb5-1.5-29.src.rpm
File outdated by:  RHSA-2013:0942
    MD5: 825ddbdc5d0d34099fc4ad64d36f4319
 
IA-32:
krb5-libs-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 00fd7d19bdfb7206bc203e7320250761
krb5-workstation-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 3ef36114368f3cbd86e062c07271948c
 
x86_64:
krb5-libs-1.5-29.i386.rpm
File outdated by:  RHSA-2013:0942
    MD5: 00fd7d19bdfb7206bc203e7320250761
krb5-libs-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: c164118f540ee1bac62d882fe9dec19f
krb5-workstation-1.5-29.x86_64.rpm
File outdated by:  RHSA-2013:0942
    MD5: de907c36f79439aaa445ae73c5582fce
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

281561 - CVE-2007-4743 krb5 incomplete fix for CVE-2007-3999


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/