[El-errata] ELSA-2007-0095 Critical: krb5 security update
el-errata at oss.oracle.com
el-errata at oss.oracle.com
Wed Apr 4 09:23:43 PDT 2007
Enterprise Linux Security Advisory ELSA-2007-0095
https://rhn.redhat.com/errata/RHSA-2007-0095.html
The following updated rpms for Enterprise Linux 4 have been uploaded to the Unbreakable Linux Network:
i386:
krb5-devel-1.3.4-46.i386.rpm
krb5-libs-1.3.4-46.i386.rpm
krb5-server-1.3.4-46.i386.rpm
krb5-workstation-1.3.4-46.i386.rpm
x86_64:
krb5-devel-1.3.4-46.x86_64.rpm
krb5-libs-1.3.4-46.i386.rpm
krb5-libs-1.3.4-46.x86_64.rpm
krb5-server-1.3.4-46.x86_64.rpm
krb5-workstation-1.3.4-46.x86_64.rpm
SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/krb5-1.3.4-46.src.rpm
Description of changes:
[1.3.4-46]
- fix bug ID in changelog
[1.3.4-45]
- add preliminary patch to fix buffer overflow in krb5kdc and kadmind
(#231528, CVE-2007-0957)
- add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216)
[1.3.4-44]
- temporarily disable bug fixes for #143289, #179062, #180671, #202191, #223669
for security update
- add preliminary patch to correct unauthorized access via krb5-aware telnet
daemon (#229782, CVE-2007-0956)
[1.3.4-43]
- re-enable fixes for #143289, #223669 and rebuild
[1.3.4-42]
- temporarily back out fixes for #143289, #223669 and rebuild
[1.3.4-41]
- update rcp non-fatal error patch to fix hangs on write errors, too (Jose
Plans, #223669)
[1.3.4-40]
- report a non-fatal error to the remote rcp when the client fails to open a
file for writing (#223669)
[1.3.4-39]
- refrain from killing any lingering members of our child's process group when
logging that the child process has exited (Jose Plans, #143289)
[1.3.4-38]
- correct syntax error in krb5-config.sh
[1.3.4-37]
- update to revised upstream patches for CVE-2006-3083 and CVE-2006-3084
(MITKRB5-SA-2006-001) to avoid unnecessary error messages from ksu (#209512)
[1.3.4-36]
- add missing shebang headers to krsh and krlogin wrapper scripts (#209238)
[1.3.4-35]
- backport changes to make krb5-devel multilib-safe (#202191, prereq for
[1.3.4-34]
- reapply changes for #198633, #179062, #180671
[1.3.4-33]
- temporarily revert changes for #198633
[ 1.3.4-32]
- rebuild
[1.3.4-31]
- temporarily revert changes for #179062
- temporarily revert changes for #180671
- apply patch to fix unchecked calls to setuid() (CVE-2006-3083) and
seteuid() (CVE-2006-3084) (#197818)
[1.3.4-30]
- incorporate fixes for hangs in the rsh client and server (#198633)
[1.3.4-29]
- if we fail to determine the name of a master KDC in
krb5_get_init_creds_keytab(), return the error we got from the non-master
rather than the can't-determine-the-name error, which isn't so useful,
matching the current release's behavior (#180671)
[1.3.4-28]
- reenable the fix for #179062
More information about the El-errata
mailing list