[SECURITY] Fedora Core 5 Update: mod_auth_kerb-5.3-2.fc5

Joe Orton jorton at redhat.com
Wed Nov 29 12:26:01 UTC 2006 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1341
2006-11-29
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : mod_auth_kerb
Version     : 5.3
Release     : 2.fc5
Summary     : Kerberos authentication module for HTTP
Description :
mod_auth_kerb is module for the Apache HTTP Server designed to
provide Kerberos authentication over HTTP.  The module supports the
Negotiate authentication method, which performs full Kerberos
authentication based on ticket exchanges.

---------------------------------------------------------------------
Update Information:

This update includes the latest upstream release of
mod_auth_kerb, version 5.3, which includes the fix for a
security issue.

An off by one flaw was found in the way mod_auth_kerb
handles certain Kerberos authentication messages. A remote
client could send a specially crafted authentication request
which could crash an httpd child process (CVE-2006-5989).

---------------------------------------------------------------------
* Tue Nov 28 2006 Joe Orton <jorton at redhat.com> 5.3-2.fc5
- fix r->user caching (Enrico Scholz, #214207)
* Thu Nov 23 2006 Joe Orton <jorton at redhat.com> 5.3-1.fc5
- update to 5.3 (CVE-2006-5989, #215443)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

69de23600ac2b927af4b24498c056be48f6ce707  SRPMS/mod_auth_kerb-5.3-2.fc5.src.rpm
69de23600ac2b927af4b24498c056be48f6ce707  noarch/mod_auth_kerb-5.3-2.fc5.src.rpm
1a7fff3cfb20d2447ba27cab093944d37037b6d6  ppc/debug/mod_auth_kerb-debuginfo-5.3-2.fc5.ppc.rpm
13dd78d44664c5c29672a55ca6e35de534fcb705  ppc/mod_auth_kerb-5.3-2.fc5.ppc.rpm
e77cbc87eab362aa9d71cdac44a727fa9fe5f917  x86_64/mod_auth_kerb-5.3-2.fc5.x86_64.rpm
6e1ccab28dc654035684d3a3ff048bd78f4f7bc3  x86_64/debug/mod_auth_kerb-debuginfo-5.3-2.fc5.x86_64.rpm
d7319c95d15a63cd7ae9dea639a1de657ba854c0  i386/debug/mod_auth_kerb-debuginfo-5.3-2.fc5.i386.rpm
c3c8a4d6adf29a6b94c739a502d7bb7c4e66d200  i386/mod_auth_kerb-5.3-2.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the Fedora-package-announce mailing list