[SECURITY] Fedora Core 6 Update: krb5-1.5-21

Nalin Dahyabhai nalin at redhat.com
Tue Apr 3 20:13:33 UTC 2007

Fedora Update Notification

Product     : Fedora Core 6
Name        : krb5
Version     : 1.5
Release     : 21
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

Update Information:

This update incorporates fixes for MITKRB5-SA-2007-001
(unauthorized access via telnetd), MITKRB5-SA-2007-002
(buffer overflow in KDC and kadmind logging), and
MITKRB5-SA-2007-003 (double-free in kadmind).
* Thu Mar 15 2007 Nalin Dahyabhai <nalin at redhat.com> 1.5-21
- add patch to fix buffer overflow in krb5kdc and kadmind
  (#231528, CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
* Tue Feb 27 2007 Nalin Dahyabhai <nalin at redhat.com> - 1.5-20
- temporarily back out %post changes, fix for #143289 for security update
- add patch to correct unauthorized access via krb5-aware telnet
  daemon (#229782, CVE-2007-0956)
* Thu Jan 25 2007 Nalin Dahyabhai <nalin at redhat.com> - 1.5-19
- refrain from killing any lingering members of our child's process group when
  logging that the child process has exited (Jose Plans, #143289)
* Mon Jan 22 2007 Nalin Dahyabhai <nalin at redhat.com> - 1.5-18
- make use of install-info more failsafe (Ville Skyttä, #223704)
* Tue Jan 16 2007 Nalin Dahyabhai <nalin at redhat.com> - 1.5-17
- move to using pregenerated PDF docs to cure multilib conflicts (#222721)
* Fri Jan 12 2007 Nalin Dahyabhai <nalin at redhat.com> - 1.5-16
- update backport of the preauth module interface (part of #194654)

This update can be downloaded from:

cc068f79cd7fe62667147cba0b96659ddce60b5b  SRPMS/krb5-1.5-21.src.rpm
cc068f79cd7fe62667147cba0b96659ddce60b5b  noarch/krb5-1.5-21.src.rpm
98c8b325ddb13f3757fb349cd87c3d61c8eec9bf  ppc/krb5-workstation-1.5-21.ppc.rpm
9a20b89bdcfabf503926c17b69f09ab345a86ac3  ppc/krb5-devel-1.5-21.ppc.rpm
bca3beecb2eb73065de7f79982d3190e50fe5b6b  ppc/krb5-server-1.5-21.ppc.rpm
411eecd8de23dd486abd96de14b6b45a0fcb481a  ppc/krb5-libs-1.5-21.ppc.rpm
7f423433186622ec45cbff24892e58fd3eb08cd9  ppc/debug/krb5-debuginfo-1.5-21.ppc.rpm
a3138abb663b94999499bcc2ffc392710f4782f5  x86_64/debug/krb5-debuginfo-1.5-21.x86_64.rpm
412873d0d6b2ba5b4ac7a60bab868541286ac376  x86_64/krb5-server-1.5-21.x86_64.rpm
59475786c6a7c9702099257fdbd30e1657641da8  x86_64/krb5-workstation-1.5-21.x86_64.rpm
90766b552742d35290b7ac7dca280c1284a5e131  x86_64/krb5-devel-1.5-21.x86_64.rpm
479e1ae2c82899660cc4bcaa8d30fa6b2ad4a32c  x86_64/krb5-libs-1.5-21.x86_64.rpm
5440d096e7f74e242c5c2974018f926f2b47e6b9  i386/krb5-workstation-1.5-21.i386.rpm
662953e86cd6f2f9ef8c7b5bf71bb5c76259186a  i386/debug/krb5-debuginfo-1.5-21.i386.rpm
6b9fda6d658e97f95a1728e63cbd08b8c8586bed  i386/krb5-libs-1.5-21.i386.rpm
4659fe73d50c5542f50bdcf231022fecbfdb677e  i386/krb5-server-1.5-21.i386.rpm
5cda24bfe886b33745524085308cf379ae16c216  i386/krb5-devel-1.5-21.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the Fedora-package-announce mailing list