Fedora Core 3 Update: krb5-1.3.6-5 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: July 6th, 2009

Linux Security Week: June 29th, 2009

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 3 Update: krb5-1.3.6-5

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-270
2005-03-29
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : krb5
Version     : 1.3.6                     =20
Release     : 5                 =20
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

---------------------------------------------------------------------
Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities
in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted
third party (a KDC) to authenticate clients and servers to each
other.

The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet
client handles messages from a server. An attacker may be able to
execute arbitrary code on a victim's machine if the victim can be
tricked into connecting to a malicious telnet server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2005-0468 and CAN-2005-0469 to these issues.
---------------------------------------------------------------------
* Mon Mar 28 2005 Nalin Dahyabhai  1.3.6-5

- rebuild

* Wed Mar 23 2005 Nalin Dahyabhai  1.3.6-4

- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai 

- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0=
469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-046=
8)
---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

15bad9c44ba4da14de7d5527a02c1a90  SRPMS/krb5-1.3.6-5.src.rpm
41314d054ab13a935cd57466a99bb03e  x86_64/krb5-devel-1.3.6-5.x86_64.rpm
c99ffb83d090d156e59a0348e8162b6e  x86_64/krb5-libs-1.3.6-5.x86_64.rpm
9ed53c214ae3b20aa8cb3a3f339b46ad  x86_64/krb5-server-1.3.6-5.x86_64.rpm
1f03b24107cb22cfca368d59fb9c40ee  x86_64/krb5-workstation-1.3.6-5.x86_64.rpm
0c354d4e12fcfe83c2cd6fbfb96abc16  x86_64/debug/krb5-debuginfo-1.3.6-5.x86_6=
4.rpm
f07344531de5e52ff9b5a0d20bdc91be  x86_64/krb5-libs-1.3.6-5.i386.rpm
0af73edbe1464ecceaf3a30789c5d400  i386/krb5-devel-1.3.6-5.i386.rpm
f07344531de5e52ff9b5a0d20bdc91be  i386/krb5-libs-1.3.6-5.i386.rpm
d737538d9eb42347efc297930f17241c  i386/krb5-server-1.3.6-5.i386.rpm
92a3d0a3000bd0a78abcf11da80009ba  i386/krb5-workstation-1.3.6-5.i386.rpm
d8b1635e05c1b0bb6d76cb9f7a810d78  i386/debug/krb5-debuginfo-1.3.6-5.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command. =20
---------------------------------------------------------------------

--hHWLQfXTYDoKhP50
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCSavTN5vOV3hoi/URAkoCAJ44iybctytWmBWfgQoQrtxqz3ANbgCdEu9s
PInaD8lPxRUcZmfk0+zMiMU=
=Qej8
-----END PGP SIGNATURE-----

--hHWLQfXTYDoKhP50--


--===============1155866446==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

< Prev		Next >

Partner:

Latest Features

Review: Googling Security: How Much Does Google Know About You

A Secure Nagios Server

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Weekend Edition

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital
Home Security Systems, Surveillance Cameras