Red Hat Product Errata RHBA-2008:0714 - Bug Fix Advisory
Issued:
2008-07-24
Updated:
2008-07-24

RHBA-2008:0714 - Bug Fix Advisory

Synopsis

krb5 bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated krb5 packages that fix several bugs are now available.

Description

Kerberos is a network authentication system, which allows clients and
servers to authenticate to each other through the use of symmetric
encryption and a trusted third party: the Key Distribution Center (KDC).

These updated packages fix the following bugs:

  • the krb5 init scripts returned certain error codes that did not comply

with guidelines for various causes of failure. In these updated packages,
the init scripts have been updated to more closely conform to
distribution-wide guidelines.

  • when a calling application supplied a zero-length password, and a

callback function to the krb5_get_init_creds_password() function, libkrb5
provided that callback function with a zero-length buffer in which to place
answers to any questions being asked. This may have denied users SSH access
if sshd was running with the "PermitEmptyPasswords yes" option configured
in "/etc/ssh/sshd_config". These updated packages included a backported fix
to resolve this issue.

  • when replying to an AS request, the KDC incorrectly reported the client's

account expiration time, instead of the client's password expiration time,
frequently causing the client application to display an erroneous warning
to the user.

  • due to a packaging error, RPM verification failed. RPM incorrectly

flagged, as a possible problem, that the contents of the "/etc/krb5.conf"
configuration file had changed, despite such changes being both expected
and normal.

Users of krb5 are advised to upgrade to these updated packages, which
resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 242501 - Wrong init script
  • BZ - 244645 - Problem for ssh for kerberos users with PermitEmptyPasswords yes
  • BZ - 327521 - Rpm Verify Fails - krb5.conf needs %verify(not md5 size mtime) in %config
  • BZ - 442772 - ftp case directive botches mget when mixed case filenames exit

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
krb5-1.3.4-60.el4.src.rpm SHA-256: ab88dd3bcf3da0ee672bff2cd8bcb5af8880adede198265c862336a00000a1d0
x86_64
krb5-devel-1.3.4-60.el4.x86_64.rpm SHA-256: a41e7dce0216b1e57a1f090a9e5d204e69942537c61e5c436bdd350ba8223b39
krb5-devel-1.3.4-60.el4.x86_64.rpm SHA-256: a41e7dce0216b1e57a1f090a9e5d204e69942537c61e5c436bdd350ba8223b39
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.x86_64.rpm SHA-256: dccc13be5838cee0327e5727ef41721dc0a5c865f110e17f333e5c3b89edc788
krb5-libs-1.3.4-60.el4.x86_64.rpm SHA-256: dccc13be5838cee0327e5727ef41721dc0a5c865f110e17f333e5c3b89edc788
krb5-server-1.3.4-60.el4.x86_64.rpm SHA-256: 19945e19204824f22ccaa8c60db1ed44cb246aba2d9f6c1d86d0ced72f365efa
krb5-server-1.3.4-60.el4.x86_64.rpm SHA-256: 19945e19204824f22ccaa8c60db1ed44cb246aba2d9f6c1d86d0ced72f365efa
krb5-workstation-1.3.4-60.el4.x86_64.rpm SHA-256: d4d34bc2d1546b6fb6c1ac548ddd28f501186eee9a5569d7d16d175fa0de5292
krb5-workstation-1.3.4-60.el4.x86_64.rpm SHA-256: d4d34bc2d1546b6fb6c1ac548ddd28f501186eee9a5569d7d16d175fa0de5292
ia64
krb5-devel-1.3.4-60.el4.ia64.rpm SHA-256: ac1806d8f6b54e6585d14d548531dd428c5ad903318d8947f4b8f13180805a86
krb5-devel-1.3.4-60.el4.ia64.rpm SHA-256: ac1806d8f6b54e6585d14d548531dd428c5ad903318d8947f4b8f13180805a86
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.ia64.rpm SHA-256: 6ec8f9d364580646bdb9d5dc1978aeadfba0ea171b95974f6a53beadcea644d5
krb5-libs-1.3.4-60.el4.ia64.rpm SHA-256: 6ec8f9d364580646bdb9d5dc1978aeadfba0ea171b95974f6a53beadcea644d5
krb5-server-1.3.4-60.el4.ia64.rpm SHA-256: 98ac4f9ab820af7d449fba6482cb9a8c0df3d1808ea73447dd436a18c9205fef
krb5-server-1.3.4-60.el4.ia64.rpm SHA-256: 98ac4f9ab820af7d449fba6482cb9a8c0df3d1808ea73447dd436a18c9205fef
krb5-workstation-1.3.4-60.el4.ia64.rpm SHA-256: 459cbb27dffbd3aa33181212bd093a97734edb5a6484db2362798e68ef674ab6
krb5-workstation-1.3.4-60.el4.ia64.rpm SHA-256: 459cbb27dffbd3aa33181212bd093a97734edb5a6484db2362798e68ef674ab6
i386
krb5-devel-1.3.4-60.el4.i386.rpm SHA-256: 1325bb83213c5060f61281ea47bf3694fc79c12510a5f95e4f9fc847d5c6a823
krb5-devel-1.3.4-60.el4.i386.rpm SHA-256: 1325bb83213c5060f61281ea47bf3694fc79c12510a5f95e4f9fc847d5c6a823
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-server-1.3.4-60.el4.i386.rpm SHA-256: 08da5653ae0f46ceaf4213c3ba8ea10f7252112e8b9987197fc57770e26ef24f
krb5-server-1.3.4-60.el4.i386.rpm SHA-256: 08da5653ae0f46ceaf4213c3ba8ea10f7252112e8b9987197fc57770e26ef24f
krb5-workstation-1.3.4-60.el4.i386.rpm SHA-256: 2129b9c2ff12bd31c1d3be78cdb008ed1ba5b5ab4857a5ddd86c4cb10c3a8edd
krb5-workstation-1.3.4-60.el4.i386.rpm SHA-256: 2129b9c2ff12bd31c1d3be78cdb008ed1ba5b5ab4857a5ddd86c4cb10c3a8edd

Red Hat Enterprise Linux Workstation 4

SRPM
krb5-1.3.4-60.el4.src.rpm SHA-256: ab88dd3bcf3da0ee672bff2cd8bcb5af8880adede198265c862336a00000a1d0
x86_64
krb5-devel-1.3.4-60.el4.x86_64.rpm SHA-256: a41e7dce0216b1e57a1f090a9e5d204e69942537c61e5c436bdd350ba8223b39
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.x86_64.rpm SHA-256: dccc13be5838cee0327e5727ef41721dc0a5c865f110e17f333e5c3b89edc788
krb5-server-1.3.4-60.el4.x86_64.rpm SHA-256: 19945e19204824f22ccaa8c60db1ed44cb246aba2d9f6c1d86d0ced72f365efa
krb5-workstation-1.3.4-60.el4.x86_64.rpm SHA-256: d4d34bc2d1546b6fb6c1ac548ddd28f501186eee9a5569d7d16d175fa0de5292
ia64
krb5-devel-1.3.4-60.el4.ia64.rpm SHA-256: ac1806d8f6b54e6585d14d548531dd428c5ad903318d8947f4b8f13180805a86
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.ia64.rpm SHA-256: 6ec8f9d364580646bdb9d5dc1978aeadfba0ea171b95974f6a53beadcea644d5
krb5-server-1.3.4-60.el4.ia64.rpm SHA-256: 98ac4f9ab820af7d449fba6482cb9a8c0df3d1808ea73447dd436a18c9205fef
krb5-workstation-1.3.4-60.el4.ia64.rpm SHA-256: 459cbb27dffbd3aa33181212bd093a97734edb5a6484db2362798e68ef674ab6
i386
krb5-devel-1.3.4-60.el4.i386.rpm SHA-256: 1325bb83213c5060f61281ea47bf3694fc79c12510a5f95e4f9fc847d5c6a823
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-server-1.3.4-60.el4.i386.rpm SHA-256: 08da5653ae0f46ceaf4213c3ba8ea10f7252112e8b9987197fc57770e26ef24f
krb5-workstation-1.3.4-60.el4.i386.rpm SHA-256: 2129b9c2ff12bd31c1d3be78cdb008ed1ba5b5ab4857a5ddd86c4cb10c3a8edd

Red Hat Enterprise Linux Desktop 4

SRPM
krb5-1.3.4-60.el4.src.rpm SHA-256: ab88dd3bcf3da0ee672bff2cd8bcb5af8880adede198265c862336a00000a1d0
x86_64
krb5-devel-1.3.4-60.el4.x86_64.rpm SHA-256: a41e7dce0216b1e57a1f090a9e5d204e69942537c61e5c436bdd350ba8223b39
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-libs-1.3.4-60.el4.x86_64.rpm SHA-256: dccc13be5838cee0327e5727ef41721dc0a5c865f110e17f333e5c3b89edc788
krb5-server-1.3.4-60.el4.x86_64.rpm SHA-256: 19945e19204824f22ccaa8c60db1ed44cb246aba2d9f6c1d86d0ced72f365efa
krb5-workstation-1.3.4-60.el4.x86_64.rpm SHA-256: d4d34bc2d1546b6fb6c1ac548ddd28f501186eee9a5569d7d16d175fa0de5292
i386
krb5-devel-1.3.4-60.el4.i386.rpm SHA-256: 1325bb83213c5060f61281ea47bf3694fc79c12510a5f95e4f9fc847d5c6a823
krb5-libs-1.3.4-60.el4.i386.rpm SHA-256: d967118b18cd34e62c04f08b1f200b07303147fb0504c7adcb9cd143946a2063
krb5-server-1.3.4-60.el4.i386.rpm SHA-256: 08da5653ae0f46ceaf4213c3ba8ea10f7252112e8b9987197fc57770e26ef24f
krb5-workstation-1.3.4-60.el4.i386.rpm SHA-256: 2129b9c2ff12bd31c1d3be78cdb008ed1ba5b5ab4857a5ddd86c4cb10c3a8edd

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
krb5-1.3.4-60.el4.src.rpm SHA-256: ab88dd3bcf3da0ee672bff2cd8bcb5af8880adede198265c862336a00000a1d0
s390x
krb5-devel-1.3.4-60.el4.s390x.rpm SHA-256: 352617df6ead54c3e868754dfb49e8c9f693a7a25e77c54d8ffcb36d3d5ed9d7
krb5-libs-1.3.4-60.el4.s390.rpm SHA-256: 09bf958309f675e1387a00f24908ec3abdb02d2dbbd2460ada758d8834bcf6ef
krb5-libs-1.3.4-60.el4.s390x.rpm SHA-256: e76e07201acc77efaeb2edec9695383b5a32da824f5dde104e4e19922fff8907
krb5-server-1.3.4-60.el4.s390x.rpm SHA-256: b4a47769253a8c41e581a5bcbcb4a5a0ad5e922595c5a68f781f41ba99f2daa1
krb5-workstation-1.3.4-60.el4.s390x.rpm SHA-256: c2e90b574692a72c9977b9d45ed253c3d30d3c8c463ea1230abe31cf83d5f07e
s390
krb5-devel-1.3.4-60.el4.s390.rpm SHA-256: e72b520221e5e954e279c03584c28b8267ed16b3b26a43d14e2216aaaac6a8f1
krb5-libs-1.3.4-60.el4.s390.rpm SHA-256: 09bf958309f675e1387a00f24908ec3abdb02d2dbbd2460ada758d8834bcf6ef
krb5-server-1.3.4-60.el4.s390.rpm SHA-256: 380ebc615cb9ddab6d76c638dee0dd73daffc7fcb8446be4a81e37700c9eaed6
krb5-workstation-1.3.4-60.el4.s390.rpm SHA-256: 012f84b662b6ade9144f35abe059f2c22768f750d7f695f91674a8e16c2046f8

Red Hat Enterprise Linux for Power, big endian 4

SRPM
krb5-1.3.4-60.el4.src.rpm SHA-256: ab88dd3bcf3da0ee672bff2cd8bcb5af8880adede198265c862336a00000a1d0
ppc
krb5-devel-1.3.4-60.el4.ppc.rpm SHA-256: 833330a8e3104a2bef6598c559256744746cbfaaca020a30378dad8794a100d3
krb5-libs-1.3.4-60.el4.ppc.rpm SHA-256: 3956a259e7f0daad26303b6826c847b8d8bc52021e0d18b70eb494e2f1862885
krb5-libs-1.3.4-60.el4.ppc64.rpm SHA-256: c195ae7fe06a15359f2d35dd49a2a24047328d750fc9dd1fcd0491fbff1e00cf
krb5-server-1.3.4-60.el4.ppc.rpm SHA-256: 47110101903e343716ebd7e29b0aa64151037695c0cede85b23582f283db774a
krb5-workstation-1.3.4-60.el4.ppc.rpm SHA-256: 69f1ec7ce90365dc34cfb9d9ed608262b52a3d0dc48b9771d090641d55f2146d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.