LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 3 Update: krb5-1.3.6-5 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-270
2005-03-29
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : krb5
Version     : 1.3.6                     =20
Release     : 5                 =20
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

---------------------------------------------------------------------
Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities
in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted
third party (a KDC) to authenticate clients and servers to each
other.

The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet
client handles messages from a server. An attacker may be able to
execute arbitrary code on a victim's machine if the victim can be
tricked into connecting to a malicious telnet server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2005-0468 and CAN-2005-0469 to these issues.
---------------------------------------------------------------------
* Mon Mar 28 2005 Nalin Dahyabhai  1.3.6-5

- rebuild

* Wed Mar 23 2005 Nalin Dahyabhai  1.3.6-4

- drop krshd patch

* Thu Mar 17 2005 Nalin Dahyabhai 

- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0=
469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-046=
8)
---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

15bad9c44ba4da14de7d5527a02c1a90  SRPMS/krb5-1.3.6-5.src.rpm
41314d054ab13a935cd57466a99bb03e  x86_64/krb5-devel-1.3.6-5.x86_64.rpm
c99ffb83d090d156e59a0348e8162b6e  x86_64/krb5-libs-1.3.6-5.x86_64.rpm
9ed53c214ae3b20aa8cb3a3f339b46ad  x86_64/krb5-server-1.3.6-5.x86_64.rpm
1f03b24107cb22cfca368d59fb9c40ee  x86_64/krb5-workstation-1.3.6-5.x86_64.rpm
0c354d4e12fcfe83c2cd6fbfb96abc16  x86_64/debug/krb5-debuginfo-1.3.6-5.x86_6=
4.rpm
f07344531de5e52ff9b5a0d20bdc91be  x86_64/krb5-libs-1.3.6-5.i386.rpm
0af73edbe1464ecceaf3a30789c5d400  i386/krb5-devel-1.3.6-5.i386.rpm
f07344531de5e52ff9b5a0d20bdc91be  i386/krb5-libs-1.3.6-5.i386.rpm
d737538d9eb42347efc297930f17241c  i386/krb5-server-1.3.6-5.i386.rpm
92a3d0a3000bd0a78abcf11da80009ba  i386/krb5-workstation-1.3.6-5.i386.rpm
d8b1635e05c1b0bb6d76cb9f7a810d78  i386/debug/krb5-debuginfo-1.3.6-5.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command. =20
---------------------------------------------------------------------

--hHWLQfXTYDoKhP50
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCSavTN5vOV3hoi/URAkoCAJ44iybctytWmBWfgQoQrtxqz3ANbgCdEu9s
PInaD8lPxRUcZmfk0+zMiMU=
=Qej8
-----END PGP SIGNATURE-----

--hHWLQfXTYDoKhP50--


--===============1155866446==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System
Internet of things big security worry, says HP
Boffins build FREE SUPERCOMPUTER from free cloud server trials
Insecure Connections: Enterprises hacked after neglecting third-party risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.