[El-errata] ELSA-2007-0095 Critical: krb5 security update

el-errata at oss.oracle.com el-errata at oss.oracle.com
Wed Apr 4 09:23:43 PDT 2007 

Enterprise Linux Security Advisory ELSA-2007-0095

https://rhn.redhat.com/errata/RHSA-2007-0095.html

The following updated rpms for Enterprise Linux 4 have been uploaded to the Unbreakable Linux Network:

i386: 
krb5-devel-1.3.4-46.i386.rpm
krb5-libs-1.3.4-46.i386.rpm
krb5-server-1.3.4-46.i386.rpm
krb5-workstation-1.3.4-46.i386.rpm

x86_64:
krb5-devel-1.3.4-46.x86_64.rpm
krb5-libs-1.3.4-46.i386.rpm
krb5-libs-1.3.4-46.x86_64.rpm
krb5-server-1.3.4-46.x86_64.rpm
krb5-workstation-1.3.4-46.x86_64.rpm

SRPMS:

http://oss.oracle.com/el4/SRPMS-updates/krb5-1.3.4-46.src.rpm

Description of changes:

[1.3.4-46]
- fix bug ID in changelog

[1.3.4-45]
- add preliminary patch to fix buffer overflow in krb5kdc and kadmind
  (#231528, CVE-2007-0957)
- add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216)

[1.3.4-44]
- temporarily disable bug fixes for #143289, #179062, #180671, #202191, #223669
  for security update
- add preliminary patch to correct unauthorized access via krb5-aware telnet
  daemon (#229782, CVE-2007-0956)

[1.3.4-43]
- re-enable fixes for #143289, #223669 and rebuild

[1.3.4-42]
- temporarily back out fixes for #143289, #223669 and rebuild

[1.3.4-41]
- update rcp non-fatal error patch to fix hangs on write errors, too (Jose
  Plans, #223669)

[1.3.4-40]
- report a non-fatal error to the remote rcp when the client fails to open a
  file for writing (#223669)

[1.3.4-39]
- refrain from killing any lingering members of our child's process group when
  logging that the child process has exited (Jose Plans, #143289)

[1.3.4-38]
- correct syntax error in krb5-config.sh

[1.3.4-37]
- update to revised upstream patches for CVE-2006-3083 and CVE-2006-3084
  (MITKRB5-SA-2006-001) to avoid unnecessary error messages from ksu (#209512)

[1.3.4-36]
- add missing shebang headers to krsh and krlogin wrapper scripts (#209238)

[1.3.4-35]
- backport changes to make krb5-devel multilib-safe (#202191, prereq for

[1.3.4-34]
- reapply changes for #198633, #179062, #180671

[1.3.4-33]
- temporarily revert changes for #198633

[ 1.3.4-32]
- rebuild

[1.3.4-31]
- temporarily revert changes for #179062
- temporarily revert changes for #180671
- apply patch to fix unchecked calls to setuid() (CVE-2006-3083) and
  seteuid() (CVE-2006-3084) (#197818)

[1.3.4-30]
- incorporate fixes for hangs in the rsh client and server (#198633)

[1.3.4-29]
- if we fail to determine the name of a master KDC in
  krb5_get_init_creds_keytab(), return the error we got from the non-master
  rather than the can't-determine-the-name error, which isn't so useful,
  matching the current release's behavior (#180671)

[1.3.4-28]
- reenable the fix for #179062

More information about the El-errata mailing list