Fedora Core 2 Update: krb5-1.3.6-4
Posted by Benjamin D. Thomas
Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.
Fedora Update Notification

Product     : Fedora Core 2
Name        : krb5
Version     : 1.3.6
Release     : 4
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities
in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted
third party (a KDC) to authenticate clients and servers to each

The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet
client handles messages from a server. An attacker may be able to
execute arbitrary code on a victim's machine if the victim can be
tricked into connecting to a malicious telnet server. The Common
Vulnerabilities and Exposures project has assigned
the names CAN-2005-0468 and CAN-2005-0469 to these issues.

* Wed Mar 23 2005 Nalin Dahyabhai  1.3.6-4

- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai 

- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0=
- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-046=

This update can be downloaded from:


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
