-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: krb5
Advisory ID: MDKSA-2004:088
Date: August 31st, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A double-free vulnerability exists in the MIT Kerberos 5's KDC program
that could potentially allow a remote attacker to execute arbitrary
code on the KDC host. As well, multiple double-free vulnerabilities
exist in the krb5 library code, which makes client programs and
application servers vulnerable. The MIT Kerberos 5 development team
believes that exploitation of these bugs would be difficult and no
known vulnerabilities are believed to exist. The vulnerability in
krb524d was discovered by Marc Horowitz; the other double-free
vulnerabilities were discovered by Will Fiveash and Nico Williams at
Sun.
Will Fiveash and Nico Williams also found another vulnerability in the
ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of
Service) attack causing an infinite loop in the decoder. The KDC is
vulnerable to this attack.
The MIT Kerberos 5 team has provided patches which have been applied
to the updated software to fix these issues. Mandrakesoft encourages
all users to upgrade immediately.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772
http://www.kb.cert.org/vuls/id/550464
http://www.kb.cert.org/vuls/id/795632
http://www.kb.cert.org/vuls/id/866472
http://www.kb.cert.org/vuls/id/350792
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
73bb98eb62d434558f17831600fb1458 10.0/RPMS/ftp-client-krb5-1.3-6.3.100mdk.i586.rpm
c478483ce848d59f3f3cf392fbc1eb4b 10.0/RPMS/ftp-server-krb5-1.3-6.3.100mdk.i586.rpm
9e373a4d304f7c6158769f7703a76b01 10.0/RPMS/krb5-server-1.3-6.3.100mdk.i586.rpm
c3ec5f6e266efe0df3dea9edcf801358 10.0/RPMS/krb5-workstation-1.3-6.3.100mdk.i586.rpm
34951f4e03deff6e11025f1955035ae0 10.0/RPMS/libkrb51-1.3-6.3.100mdk.i586.rpm
2e1e16e24bcbbed0c6b9b3cd46eca10c 10.0/RPMS/libkrb51-devel-1.3-6.3.100mdk.i586.rpm
b8201603630be58a4fa7facb91c7f154 10.0/RPMS/telnet-client-krb5-1.3-6.3.100mdk.i586.rpm
666908b4dea44b25838965b02f00c1dd 10.0/RPMS/telnet-server-krb5-1.3-6.3.100mdk.i586.rpm
f3aaaf216f7a850eaf8cb598a20ffc10 10.0/SRPMS/krb5-1.3-6.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
2af868662b6264e92be5db61ab15d556 amd64/10.0/RPMS/ftp-client-krb5-1.3-6.3.100mdk.amd64.rpm
31bf307767c05eae0ac91a417b8bc1f9 amd64/10.0/RPMS/ftp-server-krb5-1.3-6.3.100mdk.amd64.rpm
319c35d89dddb94c6c5a70d407e466df amd64/10.0/RPMS/krb5-server-1.3-6.3.100mdk.amd64.rpm
080f4241e3b5029ca271491de7fb82c0 amd64/10.0/RPMS/krb5-workstation-1.3-6.3.100mdk.amd64.rpm
dfdff0b6b8e67292226c72abdec54e02 amd64/10.0/RPMS/lib64krb51-1.3-6.3.100mdk.amd64.rpm
155f76064f777a5f2d912ff18b1f0303 amd64/10.0/RPMS/lib64krb51-devel-1.3-6.3.100mdk.amd64.rpm
d20e6f4e4eb501f05d9e6af488add5a9 amd64/10.0/RPMS/telnet-client-krb5-1.3-6.3.100mdk.amd64.rpm
ed5c9891c82e49b28572e7df936f6493 amd64/10.0/RPMS/telnet-server-krb5-1.3-6.3.100mdk.amd64.rpm
f3aaaf216f7a850eaf8cb598a20ffc10 amd64/10.0/SRPMS/krb5-1.3-6.3.100mdk.src.rpm
Corporate Server 2.1:
9d22863c6d09a174166e708b7c6ba939 corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.7.C21mdk.i586.rpm
84cebdea8971d8248f93f3082fb0fe31 corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.7.C21mdk.i586.rpm
41588cb74622aae52f110ac9d15041cb corporate/2.1/RPMS/krb5-devel-1.2.5-1.7.C21mdk.i586.rpm
a0c447a980bbe4690af8bf5cb1676a5c corporate/2.1/RPMS/krb5-libs-1.2.5-1.7.C21mdk.i586.rpm
36d8acaa6d56802ae6c85d62e29ed60f corporate/2.1/RPMS/krb5-server-1.2.5-1.7.C21mdk.i586.rpm
05c39800a5b323e82f670398c77fff08 corporate/2.1/RPMS/krb5-workstation-1.2.5-1.7.C21mdk.i586.rpm
1cd56fccbfa1412f5fb90c0bbcc4647f corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.7.C21mdk.i586.rpm
d716bf6b8fd8836203dac119db0ee0b4 corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.7.C21mdk.i586.rpm
9447bb1a7e7520fcde4ebfc33ab72d6e corporate/2.1/SRPMS/krb5-1.2.5-1.7.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
7cc0c84ac6d19ed0d5ce75409aaf5c32 x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
2f78604bcb5826934d18761973861c43 x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
92f08007a0f82334b7510aa51b2462a8 x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.7.C21mdk.x86_64.rpm
812e14a4be8fc9da8c4b8d1796e91537 x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.7.C21mdk.x86_64.rpm
ddbf43767fe84596fd841208e4f52411 x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.7.C21mdk.x86_64.rpm
8dd02b95a90960233afc8dcd40d1d057 x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.7.C21mdk.x86_64.rpm
70dd009c061b6124d49d91464c10d7ea x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
7d5721b36c4d5df068c60eee73742c8a x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
9447bb1a7e7520fcde4ebfc33ab72d6e x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.7.C21mdk.src.rpm
Mandrakelinux 9.1:
097a2e12350a3ade31fae4c932d19e07 9.1/RPMS/ftp-client-krb5-1.2.7-1.4.91mdk.i586.rpm
2c633d7c508d76965cd3810dc031a4db 9.1/RPMS/ftp-server-krb5-1.2.7-1.4.91mdk.i586.rpm
76f2c05668511a7f4ba91bdc386ef4fe 9.1/RPMS/krb5-devel-1.2.7-1.4.91mdk.i586.rpm
9d40edf481b4f422428f85ff74dbc74c 9.1/RPMS/krb5-libs-1.2.7-1.4.91mdk.i586.rpm
ca64ff3f58567d44e15289ef74616f53 9.1/RPMS/krb5-server-1.2.7-1.4.91mdk.i586.rpm
98b098ebc6458fbee8a4f8f8931cbb03 9.1/RPMS/krb5-workstation-1.2.7-1.4.91mdk.i586.rpm
5166992c03e97b9fa55609271747b2ae 9.1/RPMS/telnet-client-krb5-1.2.7-1.4.91mdk.i586.rpm
59a9763e113ad2f319c826b8e13762d0 9.1/RPMS/telnet-server-krb5-1.2.7-1.4.91mdk.i586.rpm
6c62e73e872133b51287c902d15511b1 9.1/SRPMS/krb5-1.2.7-1.4.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
7105c4249b38453bc5fabf2ebe19b870 ppc/9.1/RPMS/ftp-client-krb5-1.2.7-1.4.91mdk.ppc.rpm
5b8bdffbdd3cc36b7763a9fb380e366f ppc/9.1/RPMS/ftp-server-krb5-1.2.7-1.4.91mdk.ppc.rpm
d516817207e2773b33cb823d913e04c3 ppc/9.1/RPMS/krb5-devel-1.2.7-1.4.91mdk.ppc.rpm
32fa10923b950f4a125e2228ad7cabca ppc/9.1/RPMS/krb5-libs-1.2.7-1.4.91mdk.ppc.rpm
6da80b652767d48a9305448470151229 ppc/9.1/RPMS/krb5-server-1.2.7-1.4.91mdk.ppc.rpm
1f7e604cf9a7e305facd53542c3e15df ppc/9.1/RPMS/krb5-workstation-1.2.7-1.4.91mdk.ppc.rpm
b9dee2c91cd387e0d6e062a1ccc00662 ppc/9.1/RPMS/telnet-client-krb5-1.2.7-1.4.91mdk.ppc.rpm
fb648e078c85433de7f9ac7ef90709dc ppc/9.1/RPMS/telnet-server-krb5-1.2.7-1.4.91mdk.ppc.rpm
6c62e73e872133b51287c902d15511b1 ppc/9.1/SRPMS/krb5-1.2.7-1.4.91mdk.src.rpm
Mandrakelinux 9.2:
90415502d5a62a79594f5fef4244e7c8 9.2/RPMS/ftp-client-krb5-1.3-3.3.92mdk.i586.rpm
7d82c32903319720fba066204ab175e1 9.2/RPMS/ftp-server-krb5-1.3-3.3.92mdk.i586.rpm
b1ddf3c172f89fb13fa0f786969ccc31 9.2/RPMS/krb5-server-1.3-3.3.92mdk.i586.rpm
40acba56c3e11c475e31de3a1bae0cb5 9.2/RPMS/krb5-workstation-1.3-3.3.92mdk.i586.rpm
cfd5554e669ef905f74594bcba6ccf4c 9.2/RPMS/libkrb51-1.3-3.3.92mdk.i586.rpm
5ea52458e2d00aa6a300aaa5a50ca389 9.2/RPMS/libkrb51-devel-1.3-3.3.92mdk.i586.rpm
6c081822fb10635aa6794e9930b3a2ea 9.2/RPMS/telnet-client-krb5-1.3-3.3.92mdk.i586.rpm
2a41c73fa2475981a944062984a2dd2d 9.2/RPMS/telnet-server-krb5-1.3-3.3.92mdk.i586.rpm
8799df57f8078659c7942a18da4f180b 9.2/SRPMS/krb5-1.3-3.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
cb418490002d5bfc9a063a35e04e4b06 amd64/9.2/RPMS/ftp-client-krb5-1.3-3.3.92mdk.amd64.rpm
6eb46b17f7d259196837767edaf0362e amd64/9.2/RPMS/ftp-server-krb5-1.3-3.3.92mdk.amd64.rpm
bfec6312e1bfe7df0af348238ffb3e54 amd64/9.2/RPMS/krb5-server-1.3-3.3.92mdk.amd64.rpm
8db31b019fed08e22731bcc42528b883 amd64/9.2/RPMS/krb5-workstation-1.3-3.3.92mdk.amd64.rpm
7d167edd4f1586679651851964ce90ea amd64/9.2/RPMS/lib64krb51-1.3-3.3.92mdk.amd64.rpm
e16b452c492c3b38b47e5f7ac29ccb51 amd64/9.2/RPMS/lib64krb51-devel-1.3-3.3.92mdk.amd64.rpm
46e3c90ed9654d144f4c1970857abc44 amd64/9.2/RPMS/telnet-client-krb5-1.3-3.3.92mdk.amd64.rpm
e6ba681247da6ff006841be52ec974d1 amd64/9.2/RPMS/telnet-server-krb5-1.3-3.3.92mdk.amd64.rpm
8799df57f8078659c7942a18da4f180b amd64/9.2/SRPMS/krb5-1.3-3.3.92mdk.src.rpm
Multi Network Firewall 8.2:
e8fb8405db0a463f4f83bad54064770f mnf8.2/RPMS/krb5-libs-1.2.2-17.8.M82mdk.i586.rpm
da83d39d128b15e4ed7c5311c3753ce4 mnf8.2/SRPMS/krb5-1.2.2-17.8.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBNRc0mqjQ0CJFipgRAv+DAKCYaTBXyq5hI+7/A0Tw/2L5Ox+Z2ACeN5Bk
Im34K0OyWO3svhYoEtegTMc=
=SNj3
-----END PGP SIGNATURE-----
