Mandriva 1274 Published by

Updated krb5 packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID: MDKSA-2004:056
Date: June 3rd, 2004

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration.

Mandrakesoft encourages all users to upgrade to these patched krb5 packages.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
3f69e19bae9dc3cb4ee59ca7d3be08ab 10.0/RPMS/ftp-client-krb5-1.3-6.1.100mdk.i586.rpm
6a1a0859a8aab0c4d0658209cb1b7f5c 10.0/RPMS/ftp-server-krb5-1.3-6.1.100mdk.i586.rpm
83159f49c7f5c143c5b7498153ec79e4 10.0/RPMS/krb5-server-1.3-6.1.100mdk.i586.rpm
674d93d2240afb54f579920b69484b34 10.0/RPMS/krb5-workstation-1.3-6.1.100mdk.i586.rpm
5e132ecbce927441c7be8e6004080535 10.0/RPMS/libkrb51-1.3-6.1.100mdk.i586.rpm
957327bc8dbd9c7176ac875828e39816 10.0/RPMS/libkrb51-devel-1.3-6.1.100mdk.i586.rpm
68890f7386b9d33d85f5c8ca0f527410 10.0/RPMS/telnet-client-krb5-1.3-6.1.100mdk.i586.rpm
0b507f70e638c93fd0897ff4a0b56e61 10.0/RPMS/telnet-server-krb5-1.3-6.1.100mdk.i586.rpm
990f44e1171410a8a4ff6f9b64a310c7 10.0/SRPMS/krb5-1.3-6.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
9c6e1a4aa3298fc26b743e89ba79fb50 amd64/10.0/RPMS/ftp-client-krb5-1.3-6.1.100mdk.amd64.rpm
dd30b5dcc6d6eafb252bea319c47cd72 amd64/10.0/RPMS/ftp-server-krb5-1.3-6.1.100mdk.amd64.rpm
be24d1822f4c56eb5d514eb7f4620e94 amd64/10.0/RPMS/krb5-server-1.3-6.1.100mdk.amd64.rpm
3315cd08b90a42876cb3fe0df8de7bc1 amd64/10.0/RPMS/krb5-workstation-1.3-6.1.100mdk.amd64.rpm
8003ae014ebe45ec26d332cec6a4e0d8 amd64/10.0/RPMS/lib64krb51-1.3-6.1.100mdk.amd64.rpm
5f45277c5f4979864a14753208762e29 amd64/10.0/RPMS/lib64krb51-devel-1.3-6.1.100mdk.amd64.rpm
3284ca83d423ad7cf00e9f6d7a6eb19f amd64/10.0/RPMS/telnet-client-krb5-1.3-6.1.100mdk.amd64.rpm
963ad02887f98e59894e913f872eb623 amd64/10.0/RPMS/telnet-server-krb5-1.3-6.1.100mdk.amd64.rpm
990f44e1171410a8a4ff6f9b64a310c7 amd64/10.0/SRPMS/krb5-1.3-6.1.100mdk.src.rpm

Corporate Server 2.1:
28d17e73c658b4633dfb80dc5f9e79d0 corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.5.C21mdk.i586.rpm
6d3252882a56eedcf4c1d65d5187da65 corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.5.C21mdk.i586.rpm
392cf7a12b155a7e38a1fcbf57356453 corporate/2.1/RPMS/krb5-devel-1.2.5-1.5.C21mdk.i586.rpm
4c208f2cc19e6ceb06e7748e3589c6ac corporate/2.1/RPMS/krb5-libs-1.2.5-1.5.C21mdk.i586.rpm
4f2574763f5cbc40b43e988016fa7ad5 corporate/2.1/RPMS/krb5-server-1.2.5-1.5.C21mdk.i586.rpm
3c13190ff1dab8751b49d5c3c9588681 corporate/2.1/RPMS/krb5-workstation-1.2.5-1.5.C21mdk.i586.rpm
0c048f9883ce94c1f677fcbfb61496dc corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.5.C21mdk.i586.rpm
0d44ecccb454ade87808de678b060834 corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.5.C21mdk.i586.rpm
219e71f13c936d8d5f7cd14513dcb751 corporate/2.1/SRPMS/krb5-1.2.5-1.5.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
eab4f9bd5751049040cd9c9bd7492b08 x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.5.C21mdk.x86_64.rpm
a36e3184a7130674020db161a03dc705 x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.5.C21mdk.x86_64.rpm
22322929f255095b2d5f54d338ede660 x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.5.C21mdk.x86_64.rpm
eb09e34102ea6a43b914dedbcd0da178 x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.5.C21mdk.x86_64.rpm
783c614ed1dbbd2405c2e1a70703fc16 x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.5.C21mdk.x86_64.rpm
de5a5456f79f795787c6e54a04b6c098 x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.5.C21mdk.x86_64.rpm
c6b5b17261c7bffb8c5cdad1fc42d099 x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.5.C21mdk.x86_64.rpm
250efd6fd7498de490681f257414d312 x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.5.C21mdk.x86_64.rpm
219e71f13c936d8d5f7cd14513dcb751 x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.5.C21mdk.src.rpm

Mandrakelinux 9.1:
2ced4496f263fced47a1507a82c2cb1e 9.1/RPMS/ftp-client-krb5-1.2.7-1.2.91mdk.i586.rpm
cab37c9cf0b43e7b6686d7d52246fb38 9.1/RPMS/ftp-server-krb5-1.2.7-1.2.91mdk.i586.rpm
85f06e28d5866ca0019331f06128b9d9 9.1/RPMS/krb5-devel-1.2.7-1.2.91mdk.i586.rpm
7e5fdb86010a2beaca1096d7f5c5a9ec 9.1/RPMS/krb5-libs-1.2.7-1.2.91mdk.i586.rpm
a6262aca95a4dc7bfbea9b39cad4297e 9.1/RPMS/krb5-server-1.2.7-1.2.91mdk.i586.rpm
fee32c38e1c94a2b3d951b9eb2c22dae 9.1/RPMS/krb5-workstation-1.2.7-1.2.91mdk.i586.rpm
07bd644f73985078acae9e78b3efb570 9.1/RPMS/telnet-client-krb5-1.2.7-1.2.91mdk.i586.rpm
0288aecc76e64a0756d4c7c040859f5e 9.1/RPMS/telnet-server-krb5-1.2.7-1.2.91mdk.i586.rpm
c9cb232771f711d8dacb9a0247f0f446 9.1/SRPMS/krb5-1.2.7-1.2.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
c15b924256dd15bb6251bbd476fd7b89 ppc/9.1/RPMS/ftp-client-krb5-1.2.7-1.2.91mdk.ppc.rpm
0505bac3bc6cfc52d25313cd8ed74ef8 ppc/9.1/RPMS/ftp-server-krb5-1.2.7-1.2.91mdk.ppc.rpm
803f513a08883b41aae1e25121a180fc ppc/9.1/RPMS/krb5-devel-1.2.7-1.2.91mdk.ppc.rpm
5eb8abff903c9421b4c0e2e5f0a11273 ppc/9.1/RPMS/krb5-libs-1.2.7-1.2.91mdk.ppc.rpm
cd82456b41b41cc34b0f49c5062273e5 ppc/9.1/RPMS/krb5-server-1.2.7-1.2.91mdk.ppc.rpm
085d8b51236fca2fda043f4d05ff91ea ppc/9.1/RPMS/krb5-workstation-1.2.7-1.2.91mdk.ppc.rpm
50bfa53e1d651b12e9c9896097eddbca ppc/9.1/RPMS/telnet-client-krb5-1.2.7-1.2.91mdk.ppc.rpm
dfa7947c5210d71e2337a31efb55783c ppc/9.1/RPMS/telnet-server-krb5-1.2.7-1.2.91mdk.ppc.rpm
c9cb232771f711d8dacb9a0247f0f446 ppc/9.1/SRPMS/krb5-1.2.7-1.2.91mdk.src.rpm

Mandrakelinux 9.2:
3c0064e8fcddb7d92c417d2de44832e6 9.2/RPMS/ftp-client-krb5-1.3-3.1.92mdk.i586.rpm
e8a49c0e3083aa62c78a166e13ad8de7 9.2/RPMS/ftp-server-krb5-1.3-3.1.92mdk.i586.rpm
684a31c9ad1b9cee39c354c24abd8c82 9.2/RPMS/krb5-server-1.3-3.1.92mdk.i586.rpm
9e2df5a8153c7f98252ba9ac8f328747 9.2/RPMS/krb5-workstation-1.3-3.1.92mdk.i586.rpm
36393ba65d19487fdddb561f3d410d34 9.2/RPMS/libkrb51-1.3-3.1.92mdk.i586.rpm
3ea03174e1b8d5034bcda9cff28ce46c 9.2/RPMS/libkrb51-devel-1.3-3.1.92mdk.i586.rpm
526f8a29e2f79646046f67f7e91de657 9.2/RPMS/telnet-client-krb5-1.3-3.1.92mdk.i586.rpm
0ee4ff655a48b36a3caf6b4fc9e58e7b 9.2/RPMS/telnet-server-krb5-1.3-3.1.92mdk.i586.rpm
97a04b5c44799791eb1574d72a77dd5a 9.2/SRPMS/krb5-1.3-3.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
dd21326a798dff0e4f18c98d1ee1b25b amd64/9.2/RPMS/ftp-client-krb5-1.3-3.1.92mdk.amd64.rpm
59e661a9d5e28a1662b4278b4099be3e amd64/9.2/RPMS/ftp-server-krb5-1.3-3.1.92mdk.amd64.rpm
e1882034fd1c6a6956c1c36f044bd50a amd64/9.2/RPMS/krb5-server-1.3-3.1.92mdk.amd64.rpm
cabea2b50a85c472ff5c252c4a3b65f5 amd64/9.2/RPMS/krb5-workstation-1.3-3.1.92mdk.amd64.rpm
5ebc0da84930676585725ddebc21ace3 amd64/9.2/RPMS/lib64krb51-1.3-3.1.92mdk.amd64.rpm
06f1e9bfe725e320666a51bd217b067b amd64/9.2/RPMS/lib64krb51-devel-1.3-3.1.92mdk.amd64.rpm
0c3c7637de54d9291c1886be3ac09ac1 amd64/9.2/RPMS/telnet-client-krb5-1.3-3.1.92mdk.amd64.rpm
876cd2e1bc605b8379183a5a7d53334f amd64/9.2/RPMS/telnet-server-krb5-1.3-3.1.92mdk.amd64.rpm
97a04b5c44799791eb1574d72a77dd5a amd64/9.2/SRPMS/krb5-1.3-3.1.92mdk.src.rpm

Multi Network Firewall 8.2:
e469005862622993d741efe18a973b4f mnf8.2/RPMS/krb5-libs-1.2.2-17.6.M82mdk.i586.rpm
007a6133daaec5e1c699ba303651f627 mnf8.2/SRPMS/krb5-1.2.2-17.6.M82mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com