---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-277
2004-08-31
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : krb5
Version     : 1.3.4                      
Release     : 6                  
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

---------------------------------------------------------------------
Update Information:

Kerberos is a networked authentication system which uses a trusted
third party (a KDC) to authenticate clients and servers to each
other.

Several double-free bugs were found in the Kerberos 5 KDC and
libraries. A remote attacker could potentially exploit these flaws to
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the names CAN-2004-0642 and
CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server
(CAN-2004-0772), however this issue does not affect Fedora Core.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder
library. A remote attacker may be able to trigger this flaw and cause
a denial of service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.

---------------------------------------------------------------------
* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-6

- rebuild

* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5

- incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644,
  CAN-2004-0772

* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-4

- rebuild

* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-3

- incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772
  (MITKRB5-SA-2004-002, #130732)
- incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732)

* Tue Jul 27 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-2

- fix indexing error in server sorting patch (#127336)

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Mon Jun 14 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-0.1

- update to 1.3.4 final

* Mon Jun 07 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-0

- update to 1.3.4 beta1
- remove MITKRB5-SA-2004-001, included in 1.3.4

* Mon Jun 07 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-8

- rebuild

---------------------------------------------------------------------
This update can be downloaded from:
    

2b26718a3e533f32a1e98b401a2e21d4  SRPMS/krb5-1.3.4-6.src.rpm
beebe2125e840d9cb4546465b9833d66  x86_64/krb5-devel-1.3.4-6.x86_64.rpm
e00056df9058bed4b00684d2a64ffbe6  x86_64/krb5-libs-1.3.4-6.x86_64.rpm
abe8cf2e80236fb5a6adfa62c6e13240  x86_64/krb5-server-1.3.4-6.x86_64.rpm
11fdd50862bc0379fbfb3d804e59143b  x86_64/krb5-workstation-1.3.4-6.x86_64.rpm
a6abcfdeb10910b7b814391c720d2ae7  x86_64/debug/krb5-debuginfo-1.3.4-6.x86_64.rpm
1d720b00203ce00d4c75e3926ee618e4  x86_64/krb5-libs-1.3.4-6.i386.rpm
16d556d502f9d34729bcb166ec209ea8  i386/krb5-devel-1.3.4-6.i386.rpm
1d720b00203ce00d4c75e3926ee618e4  i386/krb5-libs-1.3.4-6.i386.rpm
4534128db2230d8e8f0b76a591e7f7a6  i386/krb5-server-1.3.4-6.i386.rpm
c8f55dbadff7333fdb49b8f39173135b  i386/krb5-workstation-1.3.4-6.i386.rpm
0092eed09687bf677aa0ed0c3980ec98  i386/debug/krb5-debuginfo-1.3.4-6.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

Fedora: krb5 double-free bugs (Core 2)

August 31, 2004
Several double-free bugs were found in the Kerberos 5 KDC andlibraries.

Summary

Kerberos V5 is a trusted-third-party network authentication system,

which can improve your network's security by eliminating the insecure

practice of cleartext passwords.

Update Information:

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CAN-2004-0772), however this issue does not affect Fedora Core.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.

* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-6

- rebuild

* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5

- incorporate revised fixes from ...

Read the Full Advisory

Change Log

References

Fedora Update Notification FEDORA-2004-277 2004-08-31 Product : Fedora Core 2 Name : krb5 Version : 1.3.4 Release : 6 Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

Update Instructions

Severity
Product : Fedora Core 2
Name : krb5
Version : 1.3.4
Release : 6
Summary : The Kerberos network authentication system.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved