---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-269
2005-03-29
---------------------------------------------------------------------Product     : Fedora Core 2
Name        : krb5
Version     : 1.3.6                     =20
Release     : 4                 =20
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

---------------------------------------------------------------------Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities
in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted
third party (a KDC) to authenticate clients and servers to each
other.

The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet
client handles messages from a server. An attacker may be able to
execute arbitrary code on a victim's machine if the victim can be
tricked into connecting to a malicious telnet server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2005-0468 and CAN-2005-0469 to these issues.
---------------------------------------------------------------------* Wed Mar 23 2005 Nalin Dahyabhai  1.3.6-4

- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai 

- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)
---------------------------------------------------------------------This update can be downloaded from:
  
3c210dbdcfb5f01a35f52632abbd3e58  SRPMS/krb5-1.3.6-4.src.rpm
2b4e4f7ffe208989572b173efa18c4b4  x86_64/krb5-devel-1.3.6-4.x86_64.rpm
67a3ffb77c8f92b235d503380ff54b32  x86_64/krb5-libs-1.3.6-4.x86_64.rpm
5d8e752002f27ca2ea7c8f40a6247b37  x86_64/krb5-server-1.3.6-4.x86_64.rpm
b01504865b91a46e9f6dab345a939bf6  x86_64/krb5-workstation-1.3.6-4.x86_64.rpm
72def6a5e69a30e63ab071f581ad1729  x86_64/debug/krb5-debuginfo-1.3.6-4.x86_64.rpm
891e77b16aa127543976583a0b134464  x86_64/krb5-libs-1.3.6-4.i386.rpm
e26b5c97144daa666babf9e01bc90b25  i386/krb5-devel-1.3.6-4.i386.rpm
891e77b16aa127543976583a0b134464  i386/krb5-libs-1.3.6-4.i386.rpm
16a523103910c903de48a8c2e33c6524  i386/krb5-server-1.3.6-4.i386.rpm
f36537a81b6330e72c01de759196fb35  i386/krb5-workstation-1.3.6-4.i386.rpm
123d9371167ecbe81399b256ece22399  i386/debug/krb5-debuginfo-1.3.6-4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command. =20
-----------------------------------------------------------------------MGYHOYXEY6WxJCY8
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCSavBN5vOV3hoi/URAhHFAJ40VLeGnwyNAscU2T7PJjHafnRfPwCfdP3U
mQiNn+duV2S7fVUV23LMZmQ=45YW
-----END PGP SIGNATURE-------MGYHOYXEY6WxJCY8--
--===============1330397643=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 2 Update: krb5-1.3.6-4

March 29, 2005
Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

Summary

Kerberos V5 is a trusted-third-party network authentication system,

which can improve your network's security by eliminating the insecure

practice of cleartext passwords.

Updated krb5 packages which fix two buffer overflow vulnerabilities

in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted

third party (a KDC) to authenticate clients and servers to each

other.

The krb5-workstation package includes a Kerberos-aware telnet client.

Two buffer overflow flaws were discovered in the way the telnet

client handles messages from a server. An attacker may be able to

execute arbitrary code on a victim's machine if the victim can be

tricked into connecting to a malicious telnet server. The Common

Vulnerabilities and Exposures project (cve.mitre.org) has assigned

the names CAN-2005-0468 and CAN-2005-0469 to these issues.

- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai

- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)

- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)

3c210dbdcfb5f01a35f52632abbd3e58 SRPMS/krb5-1.3.6-4.src.rpm

2b4e4f7ffe208989572b173efa18c4b4 x86_64/krb5-devel-1.3.6-4.x86_64.rpm

67a3ffb77c8f92b235d503380ff54b32 x86_64/krb5-libs-1.3.6-4.x86_64.rpm

5d8e752002f27ca2ea7c8f40a6247b37 x86_64/krb5-server-1.3.6-4.x86_64.rpm

b01504865b91a46e9f6dab345a939bf6 x86_64/krb5-workstation-1.3.6-4.x86_64.rpm

72def6a5e69a30e63ab071f581ad1729 x86_64/debug/krb5-debuginfo-1.3.6-4.x86_64.rpm

891e77b16aa127543976583a0b134464 x86_64/krb5-libs-1.3.6-4.i386.rpm

e26b5c97144daa666babf9e01bc90b25 i386/krb5-devel-1.3.6-4.i386.rpm

891e77b16aa127543976583a0b134464 i386/krb5-libs-1.3.6-4.i386.rpm

16a523103910c903de48a8c2e33c6524 i386/krb5-server-1.3.6-4.i386.rpm

f36537a81b6330e72c01de759196fb35 i386/krb5-workstation-1.3.6-4.i386.rpm

123d9371167ecbe81399b256ece22399 i386/debug/krb5-debuginfo-1.3.6-4.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command. =20

Content-Type: application/pgp-signature

Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCSavBN5vOV3hoi/URAhHFAJ40VLeGnwyNAscU2T7PJjHafnRfPwCfdP3U

mQiNn+duV2S7fVUV23LMZmQ=45YW

-----END PGP SIGNATURE-------MGYHOYXEY6WxJCY8--

--===============1330397643=Content-Type: text/plain; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit

Content-Disposition: inline

--fedora-announce-list mailing list

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : krb5
Version : 1.3.6 =20
Release : 4 =20
Summary : The Kerberos network authentication system.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved