
A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: krb5 security update
Advisory ID: RHSA-2006:0612-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0612.html
Issue date: 2006-08-08
Updated on: 2006-08-08
Product: Red Hat Enterprise Linux
Keywords: setuid
CVE Names: CVE-2006-3083
- ---------------------------------------------------------------------

1. Summary:

Updated krb5 packages are now available for Red Hat Enterprise Linux 4 to
correct a privilege escalation security flaw.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found where some bundled Kerberos-aware applications would fail
to check the result of the setuid() call. On Linux 2.6 kernels, the
setuid() call can fail if certain user limits are hit. A local attacker
could manipulate their environment in such a way to get the applications to
continue to run as root, potentially leading to an escalation of
privileges. (CVE-2006-3083).

Users are advised to update to these erratum packages which contain a
backported fix to correct this issue.
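The flaw class the advisory describes, as an added illustration that is not Red Hat's code and not the krb5 patch: a privilege drop that discards the result of setuid() next to one that treats a failed call as fatal and re-checks the ids afterwards. The function names (drop_unchecked, drop_checked) and the two stand-in setuid() implementations are constructed for this example; the stand-ins mimic the failure modes without any process-limit manipulation, so the block runs as an ordinary user.

```c
/* Added example: unchecked vs. checked setuid() privilege drop.
 * Not Red Hat's code and not the backported krb5 fix. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Function-pointer type so the drop logic can be exercised against a
 * stand-in for setuid() that fails the way a hit resource limit would. */
typedef int (*setuid_fn)(uid_t);

/* The flawed pattern from the advisory: the result of setuid() is
 * discarded, so the caller carries on as if the drop had succeeded. */
int drop_unchecked(uid_t target, setuid_fn do_setuid)
{
    (void)do_setuid(target);   /* return value ignored: this is the bug */
    return 0;                  /* always reports success */
}

/* The hardened pattern: a failed setuid() ends the privileged path, and
 * getuid()/geteuid() are consulted afterwards to confirm the ids changed. */
int drop_checked(uid_t target, setuid_fn do_setuid)
{
    if (do_setuid(target) != 0) {
        /* On Linux 2.6 setuid() can fail with EAGAIN when a user limit is
         * hit; EPERM means the caller lacked the privilege to switch. */
        fprintf(stderr, "setuid(%lu) failed: %s\n",
                (unsigned long)target, strerror(errno));
        return -1;
    }
    if (getuid() != target || geteuid() != target) {
        fprintf(stderr, "uid check failed: ruid=%lu euid=%lu want=%lu\n",
                (unsigned long)getuid(), (unsigned long)geteuid(),
                (unsigned long)target);
        return -1;
    }
    return 0;
}

/* Constructed stand-in: fails like setuid() under an exhausted limit. */
int setuid_fails_eagain(uid_t target)
{
    (void)target;
    errno = EAGAIN;
    return -1;
}

/* Constructed stand-in: claims success but changes nothing, which the
 * post-call id check in drop_checked() is there to catch. */
int setuid_lies(uid_t target)
{
    (void)target;
    return 0;
}

int main(void)
{
    uid_t me = getuid();
    printf("unchecked drop, setuid fails: %d (bug: reports success)\n",
           drop_unchecked(me, setuid_fails_eagain));
    printf("checked drop, setuid fails:   %d\n",
           drop_checked(me, setuid_fails_eagain));
    printf("checked drop, setuid lies:    %d\n",
           drop_checked(me + 1, setuid_lies));
    printf("checked drop, real setuid:    %d\n",
           drop_checked(me, setuid));
    return 0;
}
```

The second check in drop_checked() matters because a return value of 0 only says the call did not error; verifying getuid() and geteuid() against the intended id catches a partial or spoofed drop, and on a real setuid-root helper the failure branch should exit rather than fall through into code that was written on the assumption that privileges are gone.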

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

197818 - CVE-2006-3083 krb5 multiple unsafe setuid usage

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1 krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16 krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae krb5-workstation-1.3.4-33.i386.rpm

ia64:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
e4d6ec50ae455203023d5e55b0cca4da krb5-debuginfo-1.3.4-33.ia64.rpm
5dc4a77a4b3c4492afa7f74e83d9f5d0 krb5-devel-1.3.4-33.ia64.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
b15d34edd402823f6b5d1d1d0f013d8d krb5-libs-1.3.4-33.ia64.rpm
ce76f409b19d6824f5d1fdda67c323ef krb5-server-1.3.4-33.ia64.rpm
4ad475560c2723d011b6cf0faf8eca86 krb5-workstation-1.3.4-33.ia64.rpm

ppc:
c1739675331b5f8d819eac90ad29c222 krb5-debuginfo-1.3.4-33.ppc.rpm
379c91cb057181e02cdfd6092d3f746c krb5-debuginfo-1.3.4-33.ppc64.rpm
2f5cceda4ec3dcb5a0fca0829055f512 krb5-devel-1.3.4-33.ppc.rpm
de6fdc9b22ed426ba7542018e9174adb krb5-libs-1.3.4-33.ppc.rpm
8759e9dd51c3614a5259db73e57a26a3 krb5-libs-1.3.4-33.ppc64.rpm
55ebf269ef488d8a281ee28fcb450383 krb5-server-1.3.4-33.ppc.rpm
4015802b89b7d6b92023a3da7787e30d krb5-workstation-1.3.4-33.ppc.rpm

s390:
e4a005da7af0377354f69308b9a9acef krb5-debuginfo-1.3.4-33.s390.rpm
55995e2d6b79c58dbb85ec2af716fe78 krb5-devel-1.3.4-33.s390.rpm
811ab87d0c59091d4a0de6e748086d5e krb5-libs-1.3.4-33.s390.rpm
3ec54f81728a0a9ae22afcb2855ed732 krb5-server-1.3.4-33.s390.rpm
fe5ee4916e5aa24d499a1f8992d1036d krb5-workstation-1.3.4-33.s390.rpm

s390x:
e4a005da7af0377354f69308b9a9acef krb5-debuginfo-1.3.4-33.s390.rpm
43c2b4a0cf29aca1247d0c1d6ba4e24a krb5-debuginfo-1.3.4-33.s390x.rpm
4883f400df4d8123c70604a430f92647 krb5-devel-1.3.4-33.s390x.rpm
811ab87d0c59091d4a0de6e748086d5e krb5-libs-1.3.4-33.s390.rpm
1e13d025a766bc5ab50ebe3062586ef9 krb5-libs-1.3.4-33.s390x.rpm
7f3303ba3883bf0c5135cd39ed02122c krb5-server-1.3.4-33.s390x.rpm
1441e757a4e8e58ca29e7270a86d28ef krb5-workstation-1.3.4-33.s390x.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9 krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65 krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355 krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966 krb5-workstation-1.3.4-33.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1 krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16 krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae krb5-workstation-1.3.4-33.i386.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9 krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65 krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355 krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966 krb5-workstation-1.3.4-33.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1 krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16 krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae krb5-workstation-1.3.4-33.i386.rpm

ia64:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
e4d6ec50ae455203023d5e55b0cca4da krb5-debuginfo-1.3.4-33.ia64.rpm
5dc4a77a4b3c4492afa7f74e83d9f5d0 krb5-devel-1.3.4-33.ia64.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
b15d34edd402823f6b5d1d1d0f013d8d krb5-libs-1.3.4-33.ia64.rpm
ce76f409b19d6824f5d1fdda67c323ef krb5-server-1.3.4-33.ia64.rpm
4ad475560c2723d011b6cf0faf8eca86 krb5-workstation-1.3.4-33.ia64.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9 krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65 krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355 krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966 krb5-workstation-1.3.4-33.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1 krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16 krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae krb5-workstation-1.3.4-33.i386.rpm

ia64:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
e4d6ec50ae455203023d5e55b0cca4da krb5-debuginfo-1.3.4-33.ia64.rpm
5dc4a77a4b3c4492afa7f74e83d9f5d0 krb5-devel-1.3.4-33.ia64.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
b15d34edd402823f6b5d1d1d0f013d8d krb5-libs-1.3.4-33.ia64.rpm
ce76f409b19d6824f5d1fdda67c323ef krb5-server-1.3.4-33.ia64.rpm
4ad475560c2723d011b6cf0faf8eca86 krb5-workstation-1.3.4-33.ia64.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556 krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9 krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65 krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44 krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355 krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966 krb5-workstation-1.3.4-33.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFE2PfZXlSAg2UNWIIRAg2MAKCYFff8ZalaDeqzTbFDsJEGpa6TiACdEbcq
VUZrQsbQp7YpoRNFPuIHXVQ=
=tAhZ
-----END PGP SIGNATURE-----