Red Hat Product Errata RHSA-2008:0182 - Security Advisory
Issued:
2008-03-18
Updated:
2008-03-18

RHSA-2008:0182 - Security Advisory

Synopsis

Critical: krb5 security update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.

Red Hat would like to thank MIT for reporting these issues.

All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

  • BZ - 432620 - CVE-2008-0062 krb5: uninitialized pointer use in krb5kdc
  • BZ - 432621 - CVE-2008-0063 krb5: possible leak of sensitive data from krb5kdc using krb4 request

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
krb5-1.3.4-49.el4_5.1.src.rpm SHA-256: 403cbb99b1076f42fa0bd3ab359f399dc7294b1a43742a62ec880898b92dfbf4
x86_64
krb5-devel-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: 444d8285d5e6342d4b940d252b2c30d0d21a4781d36c74fb51d34271b17ceef2
krb5-devel-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: 444d8285d5e6342d4b940d252b2c30d0d21a4781d36c74fb51d34271b17ceef2
krb5-libs-1.3.4-49.el4_5.1.i386.rpm SHA-256: 5fd5cf9b2868aba06ca539f735a9110a897f08e962f74bfc0c515e2d0776622e
krb5-libs-1.3.4-49.el4_5.1.i386.rpm SHA-256: 5fd5cf9b2868aba06ca539f735a9110a897f08e962f74bfc0c515e2d0776622e
krb5-libs-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: 06b3f7fe4c4ff354870a619f105edab933dc50eaa3a53a0478d08d7dc5e813fb
krb5-libs-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: 06b3f7fe4c4ff354870a619f105edab933dc50eaa3a53a0478d08d7dc5e813fb
krb5-server-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: e9366e1b9078406c361983fee42bcc0c90b0355e3afc936cb28bcaec4de31863
krb5-server-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: e9366e1b9078406c361983fee42bcc0c90b0355e3afc936cb28bcaec4de31863
krb5-workstation-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: 2c4733b4b747c3d021e5a3560edfe43ccf9d42ad49da5c3ef80ba2886b5c1d11
krb5-workstation-1.3.4-49.el4_5.1.x86_64.rpm SHA-256: 2c4733b4b747c3d021e5a3560edfe43ccf9d42ad49da5c3ef80ba2886b5c1d11
ia64
krb5-devel-1.3.4-49.el4_5.1.ia64.rpm SHA-256: 838a2dce90785f0a37a5ac06810c21af08fc8057c1ce0a3016dd8807e1c262b4
krb5-devel-1.3.4-49.el4_5.1.ia64.rpm SHA-256: 838a2dce90785f0a37a5ac06810c21af08fc8057c1ce0a3016dd8807e1c262b4
krb5-libs-1.3.4-49.el4_5.1.i386.rpm SHA-256: 5fd5cf9b2868aba06ca539f735a9110a897f08e962f74bfc0c515e2d0776622e
krb5-libs-1.3.4-49.el4_5.1.i386.rpm SHA-256: 5fd5cf9b2868aba06ca539f735a9110a897f08e962f74bfc0c515e2d0776622e
krb5-libs-1.3.4-49.el4_5.1.ia64.rpm SHA-256: fca943ceb32fae8bdaa31b37ff79d65446a3c7d80b5faf6def63d0740bf1180f
krb5-libs-1.3.4-49.el4_5.1.ia64.rpm SHA-256: fca943ceb32fae8bdaa31b37ff79d65446a3c7d80b5faf6def63d0740bf1180f
krb5-server-1.3.4-49.el4_5.1.ia64.rpm SHA-256: 65eff6b735c496d968a819160d6fa1533c2a72d3149f6ea076091b419d189804
krb5-server-1.3.4-49.el4_5.1.ia64.rpm SHA-256: 65eff6b735c496d968a819160d6fa1533c2a72d3149f6ea076091b419d189804
krb5-workstation-1.3.4-49.el4_5.1.ia64.rpm SHA-256: 16c4cbca6cbe1570e76f0c32854c174bc3a92f6e97e96aedd1a0079a78208b23
krb5-workstation-1.3.4-49.el4_5.1.ia64.rpm SHA-256: 16c4cbca6cbe1570e76f0c32854c174bc3a92f6e97e96aedd1a0079a78208b23
i386
krb5-devel-1.3.4-49.el4_5.1.i386.rpm SHA-256: d8bbcae8d1fdc484195c6cb3794cfecad36c3be2cc6637e1c7a098bbf1cbb290
krb5-devel-1.3.4-49.el4_5.1.i386.rpm SHA-256: d8bbcae8d1fdc484195c6cb3794cfecad36c3be2cc6637e1c7a098bbf1cbb290
krb5-libs-1.3.4-49.el4_5.1.i386.rpm SHA-256: 5fd5cf9b2868aba06ca539f735a9110a897f08e962f74bfc0c515e2d0776622e
krb5-libs-1.3.4-49.el4_5.1.i386.rpm SHA-256: 5fd5cf9b2868aba06ca539f735a9110a897f08e962f74bfc0c515e2d0776622e
krb5-server-1.3.4-49.el4_5.1.i386.rpm SHA-256: 73688304866eb874b8de49c5ecc8c57a56909549f459d16895ecf9e705e7f122
krb5-server-1.3.4-49.el4_5.1.i386.rpm SHA-256: 73688304866eb874b8de49c5ecc8c57a56909549f459d16895ecf9e705e7f122
krb5-workstation-1.3.4-49.el4_5.1.i386.rpm SHA-256: 2f65ced22a80f50099f32f57baf7c77785f3e92886dc53a0d1ad3fe7313edb7e
krb5-workstation-1.3.4-49.el4_5.1.i386.rpm SHA-256: 2f65ced22a80f50099f32f57baf7c77785f3e92886dc53a0d1ad3fe7313edb7e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
krb5-1.3.4-49.el4_5.1.src.rpm SHA-256: 403cbb99b1076f42fa0bd3ab359f399dc7294b1a43742a62ec880898b92dfbf4
s390x
krb5-devel-1.3.4-49.el4_5.1.s390x.rpm SHA-256: ca3b69527ebcf501cb18575f4d2383d559793176b4d5131736ca76589afa5adc
krb5-libs-1.3.4-49.el4_5.1.s390.rpm SHA-256: 23436d98e9f75992dd549d0bd7f9c9d8dc05c624abc8f521b95d60cfb4a38a33
krb5-libs-1.3.4-49.el4_5.1.s390x.rpm SHA-256: 9e180c26b261f2ff70d4e84325283e3cd4c2affd9c5b6be115e2ebb90016e781
krb5-server-1.3.4-49.el4_5.1.s390x.rpm SHA-256: 3c212217a4dedc45e07aa65f6c756cd3e8e4485f1a16532fed36753e60cc17a0
krb5-workstation-1.3.4-49.el4_5.1.s390x.rpm SHA-256: 7508b95b9ac71fa0105fb2a30238e96d10afc302df2549230b3bcc94d29f2fc4
s390
krb5-devel-1.3.4-49.el4_5.1.s390.rpm SHA-256: 6c7a5c2aa7c4ae37330e8f1d65e0e8a2827f315f50651f6c4f745deafb46c654
krb5-libs-1.3.4-49.el4_5.1.s390.rpm SHA-256: 23436d98e9f75992dd549d0bd7f9c9d8dc05c624abc8f521b95d60cfb4a38a33
krb5-server-1.3.4-49.el4_5.1.s390.rpm SHA-256: ff14a1ebfbb3e04e25ac13f1f755e3645c207540f6c6ef95034e8358bf9c5293
krb5-workstation-1.3.4-49.el4_5.1.s390.rpm SHA-256: 52b59be52a7ba2fbe309b58b67c9dd0c07deebd17d34357660375c16c6e9c8ff

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
krb5-1.3.4-49.el4_5.1.src.rpm SHA-256: 403cbb99b1076f42fa0bd3ab359f399dc7294b1a43742a62ec880898b92dfbf4
ppc
krb5-devel-1.3.4-49.el4_5.1.ppc.rpm SHA-256: bc7e2c3a0fbea7f05cec86496af14befa2e14d1e395a4e54283864c5d2629a87
krb5-libs-1.3.4-49.el4_5.1.ppc.rpm SHA-256: 21e908b85e9352f20b11ce25cb33364f1a29e1c9b97b94f2e7e81d1c2323e947
krb5-libs-1.3.4-49.el4_5.1.ppc64.rpm SHA-256: 6a7e150a1429211051f9da16780386c84fc91e83c277fb4c3499ff5ca4be27ac
krb5-server-1.3.4-49.el4_5.1.ppc.rpm SHA-256: 88bbbb611886b80733d90eec0779d37567d1d42921335c0a09ef478aaad7b2d3
krb5-workstation-1.3.4-49.el4_5.1.ppc.rpm SHA-256: adc7a357e85a2cf74dd07eea30cb3ac5c63f569b70cad3a17162b2bd93d8a061

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.