RHSA-2004:448 - Security Advisory
krb5 security update
Security Advisory: Critical
Updated Kerberos (krb5) packages that correct double-free and ASN.1
parsing bugs are now available for Red Hat Enterprise Linux.
Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.
Several double-free bugs were found in the Kerberos 5 KDC and libraries. A
remote attacker could potentially exploit these flaws to execuate arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.
A double-free bug was also found in the krb524 server (CAN-2004-0772),
however this issue was fixed for Red Hat Enterprise Linux 2.1 users by a
previous erratum, RHSA-2003:052.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A
remote attacker may be able to trigger this flaw and cause a denial of
service. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0644 to this issue.
All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- BZ - 129680 - Upgrading to krb5-libs 1.2.2-27 can cause undefined symbol __dn_expand
Red Hat Enterprise Linux Server 2
Red Hat Enterprise Linux Workstation 2