Updated krb5 packages have been released for Fedora Core 2

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-563
2004-12-21
---------------------------------------------------------------------

Product : Fedora Core 2
Name : krb5
Version : 1.3.6
Release : 1
Summary : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

A heap-based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1189 to this issue.

Additionally, a temporary file bug was found in the Kerberos krb5-send-pr command. It is possible that an attacker could create a specially crafted temporary file that causes an arbitrary file to which the victim has write access to be overwritten. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0971 to this issue.
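
The advisory does not detail the temporary file bug. The following is an added illustration, not code from krb5-send-pr or from this update: it assumes the common form of this bug class, a predictable file name in a shared directory, and contrasts it with mktemp. The function names and the report.* paths are hypothetical.

```shell
#!/bin/sh
# Added example: predictable temp-file name vs. mktemp.
# All paths and names are constructed for illustration.

# WEAK: the name is guessable from the PID, and '>' follows a symlink that
# already exists at that path, truncating and overwriting its target.
write_unsafe() {    # $1 = temp dir, $2 = data
    tmp="$1/report.$$"
    printf '%s\n' "$2" > "$tmp"
}

# HARDENED: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so an existing file or symlink is never reused.
write_safe() {      # $1 = temp dir, $2 = data; prints the path it created
    tmp=$(mktemp "$1/report.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed scenario inside a private sandbox directory: a symlink already
# sits at the predictable path and points at a file the caller can write to.
# Prints "<result of write_unsafe> <result of write_safe>".
demo() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/report.$$"

    write_unsafe "$box" "draft"
    if [ "$(cat "$box/victim")" = "original" ]; then r1=intact; else r1=overwritten; fi

    printf 'original\n' > "$box/victim"
    made=$(write_safe "$box" "draft") || { rm -rf "$box"; return 1; }
    if [ "$(cat "$box/victim")" = "original" ] && [ ! -L "$made" ]; then
        r2=intact
    else
        r2=overwritten
    fi

    rm -rf "$box"
    printf '%s %s\n' "$r1" "$r2"
}

demo
```

On current Linux kernels the fs.protected_symlinks sysctl adds a second line of defence for sticky world-writable directories such as /tmp, but scripts should still create temporary files with mktemp.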



---------------------------------------------------------------------

* Mon Dec 20 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-1

- update to 1.3.6, which includes the previous fix

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.