- Issued:
- 2011-07-21
- Updated:
- 2011-07-21
RHBA-2011:1031 - Bug Fix Advisory
Synopsis
krb5 bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated krb5 packages that fix multiple bugs and add one enhancement are now
available for Red Hat Enterprise Linux 5.
Description
Kerberos is a network authentication system which allows clients and servers to
authenticate to each other with the help of a trusted third party, a KDC.
This update fixes the following bugs:
- Prior to this update,the lock of the realm database could, under certain
circumstances, not be released. Due to this problem, the lock could not be
acquired until the clearing process was stopped or restarted. With this update,
the realm database is successfully locked. (BZ#586032)
- Prior to this update,the Kerberos-aware FTP server did not parse the
"restrict" keyword correctly when it was used in /etc/ftpusers. This update
modifies the code so that the server parses the "restrict" keyword correctly.
(BZ#644215)
- Prior to this update,the Kerberos-aware FTP client did not correctly display
the size of a transferred file on 32-bit systems if the size of the file
exceeded 4GB. This update modifies the type of the variable used to track the
number of bytes transferred. (BZ#648404)
- Prior to this update, the client libraries failed, under certain
circumstances, to parse an error reply message from the server when trying to
change passwords. With this update, the client library can parse the message and
correctly returns the reported error to its caller. (BZ#658871)
- Prior to this update, Kerberos-aware servers leaked memory when replay caching
was disabled. This update modifies the code so that no more memory leaks occur.
(BZ#678205)
- Prior to this update, the SELinux label was not maintained for replay cache
files when expired entries were expunged. This update maintains the reply cache
files in such a case. (BZ#712453)
This update also adds the following enhancement:
- Prior to this update, the Kerberos-aware FTP client was not able to parse user
commands if the length of the command exceeded the limit of 500 characters. This
update allows for the Kerberos-aware FTP client to parse user commands without
character limit. (BZ#665833)
All Kerberos users are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259/
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 586032 - kadmind fails to lock db during password change: Cannot lock database
- BZ - 644215 - krb5ftpd off by one error when reading /etc/ftpusers for restricted users
- BZ - 648404 - Kerberos ftp shows wrong transferred bytes when transferring a file in size of more than 4GiB.
- BZ - 658871 - krb5-lib wrongly considers KRB5KRB_AP_ERR_REPEAT error from MS AD as correct application reply leading to wrong error "Requested protocol version not supported"
- BZ - 712453 - application linked to krb5-libs creates /var/tmp/host_0 with wrong selinux context
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
krb5-1.6.1-62.el5.src.rpm | SHA-256: abb9a993ba1b8d3cb6835fc1870d1957503eadd654dc4e2bd78054b6e2faa6c2 |
x86_64 | |
krb5-devel-1.6.1-62.el5.i386.rpm | SHA-256: 4cded338f4f9bf30cd29a69e9a2c061c6bace68551608d28b1aa9360ff7e837c |
krb5-devel-1.6.1-62.el5.x86_64.rpm | SHA-256: 9f6c3b30f9db8d5a6f17d21c757b9c3b55696d1a798f931a49470fa8fca8b5f0 |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-libs-1.6.1-62.el5.x86_64.rpm | SHA-256: 236c575cef90687b5d2f6e97c2614ed12a2531678b621e326d35f514da255663 |
krb5-server-1.6.1-62.el5.x86_64.rpm | SHA-256: ada8186b00c83d16c8675cce83295e6fed0998baa7524d4fdc780cce13389b58 |
krb5-server-ldap-1.6.1-62.el5.x86_64.rpm | SHA-256: 8b340b6d10af8b527333ecbd3dc48b581e0efc890f815e13149ef560fa5a10f8 |
krb5-workstation-1.6.1-62.el5.x86_64.rpm | SHA-256: e19706944e31dabb1dca16c797d6282a0d6032202b1ca75975231b7d9714afca |
ia64 | |
krb5-devel-1.6.1-62.el5.ia64.rpm | SHA-256: 1c468cb66ea89acac539a4a9c6859006eb8f259dce4553f6784ab5ae2658b0c0 |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-libs-1.6.1-62.el5.ia64.rpm | SHA-256: d70ee282c56c7094e2a4f98f43f3a7577eed475cfb6aabbc5240c65efe520bbb |
krb5-server-1.6.1-62.el5.ia64.rpm | SHA-256: 173e8d77e13bb64de4ae0d45c71a4fabd19b06b07b65cea6f277c077ea106c42 |
krb5-server-ldap-1.6.1-62.el5.ia64.rpm | SHA-256: 8466e44d344d4a81794f79574731369ebeb63b759ff78adba07412cff4e8e85e |
krb5-workstation-1.6.1-62.el5.ia64.rpm | SHA-256: 5f74c8b6f42809b14e5a7dab73ac9751dc75bc729733ac2597460fe9dc7ad26d |
i386 | |
krb5-devel-1.6.1-62.el5.i386.rpm | SHA-256: 4cded338f4f9bf30cd29a69e9a2c061c6bace68551608d28b1aa9360ff7e837c |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-server-1.6.1-62.el5.i386.rpm | SHA-256: 44ba72eb8a22ad3fd862e6f9d052a3541266d490be795db3bed34ff09f171621 |
krb5-server-ldap-1.6.1-62.el5.i386.rpm | SHA-256: 7b8ef36f4ebf5edd78bb80b748993645a1033cca79e725606a0ee0066e4f0fc1 |
krb5-workstation-1.6.1-62.el5.i386.rpm | SHA-256: ac3b3ea76e47a45030f6b9199b6aaa7a39b243890076d5bf02d8ce94b78166ec |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
krb5-1.6.1-62.el5.src.rpm | SHA-256: abb9a993ba1b8d3cb6835fc1870d1957503eadd654dc4e2bd78054b6e2faa6c2 |
x86_64 | |
krb5-devel-1.6.1-62.el5.i386.rpm | SHA-256: 4cded338f4f9bf30cd29a69e9a2c061c6bace68551608d28b1aa9360ff7e837c |
krb5-devel-1.6.1-62.el5.x86_64.rpm | SHA-256: 9f6c3b30f9db8d5a6f17d21c757b9c3b55696d1a798f931a49470fa8fca8b5f0 |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-libs-1.6.1-62.el5.x86_64.rpm | SHA-256: 236c575cef90687b5d2f6e97c2614ed12a2531678b621e326d35f514da255663 |
krb5-server-1.6.1-62.el5.x86_64.rpm | SHA-256: ada8186b00c83d16c8675cce83295e6fed0998baa7524d4fdc780cce13389b58 |
krb5-server-ldap-1.6.1-62.el5.x86_64.rpm | SHA-256: 8b340b6d10af8b527333ecbd3dc48b581e0efc890f815e13149ef560fa5a10f8 |
krb5-workstation-1.6.1-62.el5.x86_64.rpm | SHA-256: e19706944e31dabb1dca16c797d6282a0d6032202b1ca75975231b7d9714afca |
i386 | |
krb5-devel-1.6.1-62.el5.i386.rpm | SHA-256: 4cded338f4f9bf30cd29a69e9a2c061c6bace68551608d28b1aa9360ff7e837c |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-server-1.6.1-62.el5.i386.rpm | SHA-256: 44ba72eb8a22ad3fd862e6f9d052a3541266d490be795db3bed34ff09f171621 |
krb5-server-ldap-1.6.1-62.el5.i386.rpm | SHA-256: 7b8ef36f4ebf5edd78bb80b748993645a1033cca79e725606a0ee0066e4f0fc1 |
krb5-workstation-1.6.1-62.el5.i386.rpm | SHA-256: ac3b3ea76e47a45030f6b9199b6aaa7a39b243890076d5bf02d8ce94b78166ec |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
krb5-1.6.1-62.el5.src.rpm | SHA-256: abb9a993ba1b8d3cb6835fc1870d1957503eadd654dc4e2bd78054b6e2faa6c2 |
x86_64 | |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-libs-1.6.1-62.el5.x86_64.rpm | SHA-256: 236c575cef90687b5d2f6e97c2614ed12a2531678b621e326d35f514da255663 |
krb5-workstation-1.6.1-62.el5.x86_64.rpm | SHA-256: e19706944e31dabb1dca16c797d6282a0d6032202b1ca75975231b7d9714afca |
i386 | |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-workstation-1.6.1-62.el5.i386.rpm | SHA-256: ac3b3ea76e47a45030f6b9199b6aaa7a39b243890076d5bf02d8ce94b78166ec |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
krb5-1.6.1-62.el5.src.rpm | SHA-256: abb9a993ba1b8d3cb6835fc1870d1957503eadd654dc4e2bd78054b6e2faa6c2 |
s390x | |
krb5-devel-1.6.1-62.el5.s390.rpm | SHA-256: 4c4d817f40c98bf3a71f8f56d21346444e15691fbd3825057b9858d3a6cf5312 |
krb5-devel-1.6.1-62.el5.s390x.rpm | SHA-256: ac24aea2d370f3c840b9f672ea60c8ef146e2192fd0a7a18409abf5ede1051f0 |
krb5-libs-1.6.1-62.el5.s390.rpm | SHA-256: 59dbec9ab0e6665074856bc71fbbd0e551852579172275d0451665cd12d68455 |
krb5-libs-1.6.1-62.el5.s390x.rpm | SHA-256: 533908ddf4a983916684b81053c868229bc0d5631a1a352ec7d4494b89dd172e |
krb5-server-1.6.1-62.el5.s390x.rpm | SHA-256: 739356a6f5acc01a8f37c71df9023d66b486f12752b63f30a170fc6501b2b8a6 |
krb5-server-ldap-1.6.1-62.el5.s390x.rpm | SHA-256: e22bdf22663c1170993aa067b35e6cfb9e0d68b833f4a7fb5d0a365964e8bf3d |
krb5-workstation-1.6.1-62.el5.s390x.rpm | SHA-256: f126467e773ec241242a091eae90c60dfebbb91e1dca27067a74c764117bb771 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
krb5-1.6.1-62.el5.src.rpm | SHA-256: abb9a993ba1b8d3cb6835fc1870d1957503eadd654dc4e2bd78054b6e2faa6c2 |
ppc | |
krb5-devel-1.6.1-62.el5.ppc.rpm | SHA-256: 1ccce92fbfaf94e4546f7c11783b21de57c6c31f11cdeebe6af7d334100ca1b5 |
krb5-devel-1.6.1-62.el5.ppc64.rpm | SHA-256: 841f75ee937fab8e77e39229d1fbaba224c70a5337e375ce007621b8bdbc3147 |
krb5-libs-1.6.1-62.el5.ppc.rpm | SHA-256: 505d2aff911a3b07d8ecb8114c26ce8c3b8a54ec51e6798c0b9f8ec29396f222 |
krb5-libs-1.6.1-62.el5.ppc64.rpm | SHA-256: d48f600a6aab085d96b8be3ac0c1155b1448f3a849505ba4bb8610bb5ba16579 |
krb5-server-1.6.1-62.el5.ppc.rpm | SHA-256: 50ed859cfb67dd4569f35f603ba6431a7d1df47dd6e37c2b018663a6771a347d |
krb5-server-ldap-1.6.1-62.el5.ppc.rpm | SHA-256: c08a79772a6549d53e438e1fbded4bf4a0369cf8c1fb9d391c073a5107d77011 |
krb5-workstation-1.6.1-62.el5.ppc.rpm | SHA-256: 4be9be22f77de57f05650b7079769bbd74e69f8c06eedb031dafe30331d26b81 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
krb5-1.6.1-62.el5.src.rpm | SHA-256: abb9a993ba1b8d3cb6835fc1870d1957503eadd654dc4e2bd78054b6e2faa6c2 |
x86_64 | |
krb5-devel-1.6.1-62.el5.i386.rpm | SHA-256: 4cded338f4f9bf30cd29a69e9a2c061c6bace68551608d28b1aa9360ff7e837c |
krb5-devel-1.6.1-62.el5.x86_64.rpm | SHA-256: 9f6c3b30f9db8d5a6f17d21c757b9c3b55696d1a798f931a49470fa8fca8b5f0 |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-libs-1.6.1-62.el5.x86_64.rpm | SHA-256: 236c575cef90687b5d2f6e97c2614ed12a2531678b621e326d35f514da255663 |
krb5-server-1.6.1-62.el5.x86_64.rpm | SHA-256: ada8186b00c83d16c8675cce83295e6fed0998baa7524d4fdc780cce13389b58 |
krb5-server-ldap-1.6.1-62.el5.x86_64.rpm | SHA-256: 8b340b6d10af8b527333ecbd3dc48b581e0efc890f815e13149ef560fa5a10f8 |
krb5-workstation-1.6.1-62.el5.x86_64.rpm | SHA-256: e19706944e31dabb1dca16c797d6282a0d6032202b1ca75975231b7d9714afca |
i386 | |
krb5-devel-1.6.1-62.el5.i386.rpm | SHA-256: 4cded338f4f9bf30cd29a69e9a2c061c6bace68551608d28b1aa9360ff7e837c |
krb5-libs-1.6.1-62.el5.i386.rpm | SHA-256: da12f8224c8256a872acaa584bae35a893d19d221e7980fdda21a1feea3b48db |
krb5-server-1.6.1-62.el5.i386.rpm | SHA-256: 44ba72eb8a22ad3fd862e6f9d052a3541266d490be795db3bed34ff09f171621 |
krb5-server-ldap-1.6.1-62.el5.i386.rpm | SHA-256: 7b8ef36f4ebf5edd78bb80b748993645a1033cca79e725606a0ee0066e4f0fc1 |
krb5-workstation-1.6.1-62.el5.i386.rpm | SHA-256: ac3b3ea76e47a45030f6b9199b6aaa7a39b243890076d5bf02d8ce94b78166ec |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.