[SECURITY] Fedora 7 Update: krb5-1.6.1-3.fc7

updates at fedoraproject.org updates at fedoraproject.org
Tue Sep 4 22:14:03 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2017
2007-09-04 15:13:56.485393
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 7
Version     : 1.6.1
Release     : 3.fc7
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update incorporates fixes for a stack overflow in the rpcsec_gss implementation in libgssrpc (CVE-2007-3999) and a potential write through an uninitialized pointer in kadmind (CVE-2007-4000).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep  4 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-3
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2.1
- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
  and MITKRB5-SA-2007-005 (CVE-2007-2798)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com>
- preprocess kerberos.ldif into a format FDS will like better, and include
  that as a doc file as well (from 1.6.1-4)
- drop old, incomplete SELinux patch (from 1.6.1-4)
- add patch from Greg Hudson to make srvtab routines report missing-file errors
  at same point that "file" keytab routines do (from 1.6.1-4, #241805)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2.0
- pull up from devel HEAD's 1.6.1-2
* Thu May 24 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2
- pull patch from svn to undo unintentional chattiness in ftp
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
  better in a couple of places where they're expected
* Wed May 23 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-1
- update to 1.6.1
  - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216
  - drop patch for sendto bug in 1.6, fixed in 1.6.1
* Fri May 18 2007 Nalin Dahyabhai <nalin at redhat.com>
- kadmind.init: don't fail outright if the default principal database
  isn't there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
  service when we try to create the keytab
--------------------------------------------------------------------------------
References:

  [ 1 ] CVE-2007-3999
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
  [ 2 ] CVE-2007-4000
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000
--------------------------------------------------------------------------------
Updated packages:

f3fedb67d3b6c9fd457c651e9f4e5f4a73773639 krb5-workstation-servers-1.6.1-3.fc7.ppc64.rpm
0aadee600d61baf3355bc734bb97749c9a024428 krb5-server-1.6.1-3.fc7.ppc64.rpm
3c40e2912621468ffb3de5937c1c0768037ca974 krb5-workstation-1.6.1-3.fc7.ppc64.rpm
901250263c007d6dc6b048131b0e49b2710e66dc krb5-server-ldap-1.6.1-3.fc7.ppc64.rpm
1a3f97283cf3015c4aa38e0ab0dd8c5f7f105ce4 krb5-debuginfo-1.6.1-3.fc7.ppc64.rpm
aa133ff05a4f5b756ca433773c35294f7aadfc04 krb5-devel-1.6.1-3.fc7.ppc64.rpm
b637cf65c6f98663552baa44e03834cf6ba65220 krb5-libs-1.6.1-3.fc7.ppc64.rpm
d29b74591a1d505f9ea71acd1dec2e91bced5ee3 krb5-workstation-clients-1.6.1-3.fc7.ppc64.rpm
9421449a348c4326ec58080d7bdbbe29d34cb3a6 krb5-devel-1.6.1-3.fc7.i386.rpm
eeab8f838addd9b8d51e58b4db1405c917c956bf krb5-server-ldap-1.6.1-3.fc7.i386.rpm
55495f2eb30718d712dc47daba2dc9c7384eaa35 krb5-libs-1.6.1-3.fc7.i386.rpm
fb703be3d2cadd7aeadffa839b30cfb32655f9f2 krb5-workstation-1.6.1-3.fc7.i386.rpm
d54417a38164981057e49936bb621f827039f0fc krb5-server-1.6.1-3.fc7.i386.rpm
3dae8bb80257da806306883b122cc87f2ea37987 krb5-workstation-servers-1.6.1-3.fc7.i386.rpm
0dcced57d06e76a8f1d65f8cba7c85b69bdd6896 krb5-debuginfo-1.6.1-3.fc7.i386.rpm
3df2c957366f086cc64a7650e586fc405410a368 krb5-workstation-clients-1.6.1-3.fc7.i386.rpm
9f5611a40de5bfaab6efdcde8848dcbaaabceec4 krb5-workstation-1.6.1-3.fc7.x86_64.rpm
49a90fe133c70274f737ce4682a0c8d843f3f9b8 krb5-workstation-servers-1.6.1-3.fc7.x86_64.rpm
7e3c579a63b48903ec23b1e92ce06f683e023b35 krb5-workstation-clients-1.6.1-3.fc7.x86_64.rpm
19be0287aa03e9bab8e22ad4297c6b93af0e8e5a krb5-server-ldap-1.6.1-3.fc7.x86_64.rpm
0783c552daa26891af206f33d8f97ef244bd3efa krb5-devel-1.6.1-3.fc7.x86_64.rpm
56f7467d3fad16bc0a1f6063daea9862e0f20fc1 krb5-debuginfo-1.6.1-3.fc7.x86_64.rpm
28c79b4a0bdbcb01f675a096c4d91cd1290e66a4 krb5-server-1.6.1-3.fc7.x86_64.rpm
d50cecc84a105aacf8c72f0f3d1a7a11014ae98d krb5-libs-1.6.1-3.fc7.x86_64.rpm
b97a05f62b7bde6896fb25a1af28c49295e173d3 krb5-workstation-1.6.1-3.fc7.ppc.rpm
27c19180b1eeeb051b1a530b5419fbcace3d518c krb5-libs-1.6.1-3.fc7.ppc.rpm
0c13666c7764d09a929fc94f7fc45e7926b6fbf9 krb5-debuginfo-1.6.1-3.fc7.ppc.rpm
a03d2fa017bc682d43fda501041350cfb86bd1e5 krb5-server-ldap-1.6.1-3.fc7.ppc.rpm
bedffb6bf8331f251ed64f4cbd9c7697beea7303 krb5-devel-1.6.1-3.fc7.ppc.rpm
37def8f99aa529a0cee17d1e3270d5e115c28dd5 krb5-workstation-servers-1.6.1-3.fc7.ppc.rpm
c72e1db5fbcba2eba6989464b7a695de706e9bc2 krb5-server-1.6.1-3.fc7.ppc.rpm
d67ba95e679887932af3ba184ad873ad96e388ed krb5-workstation-clients-1.6.1-3.fc7.ppc.rpm
2ebbd6473880cd09332676a5f36d645e42419eb7 krb5-1.6.1-3.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list