[RHSA-2006:0612-01] Important: krb5 security update

bugzilla at redhat.com
Tue Aug 8 20:45:15 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2006:0612-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0612.html
Issue date:        2006-08-08
Updated on:        2006-08-08
Product:           Red Hat Enterprise Linux
Keywords:          setuid
CVE Names:         CVE-2006-3083 
- ---------------------------------------------------------------------

1. Summary:

Updated krb5 packages are now available for Red Hat Enterprise Linux 4 to
correct a privilege escalation security flaw.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found where some bundled Kerberos-aware applications would fail
to check the result of the setuid() call. On Linux 2.6 kernels, the
setuid() call can fail if certain user limits are hit. A local attacker
could manipulate their environment in such a way as to get the applications
to continue to run as root, potentially leading to an escalation of
privileges (CVE-2006-3083).

Users are advised to update to these erratum packages which contain a
backported fix to correct this issue.
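
The following C program is added here as an illustration; it is not taken
from the krb5 sources or from Red Hat. It places the unchecked-setuid()
pattern described above beside the checked form. The cred_ops struct, the
model_* functions and the target uid 65534 are constructed for the example:
the model stands in for the kernel refusing setuid() with EAGAIN, which is
what the call reports when a per-user process limit blocks the change, so
the failure path can be exercised without running as root.

```c
/*
 * Added example (not krb5 or Red Hat code): the unchecked-setuid() pattern
 * behind CVE-2006-3083 beside the checked form.  The model_* functions are
 * constructed stand-ins for the kernel so the failure path runs without
 * root; the model refuses setuid() with EAGAIN, as Linux does when a
 * per-user process limit blocks the uid change.
 */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Credential operations, so the same logic runs against the real kernel
 * calls (real_ops) or the constructed model (model_ops). */
struct cred_ops {
    int   (*set_uid)(uid_t uid);
    uid_t (*get_euid)(void);
};

/* --- constructed model of a process's uid state ------------------------ */
static uid_t model_euid = 0;       /* the modelled process starts as root */
static int   model_limit_hit = 1;  /* 1: setuid() is refused, as under RLIMIT_NPROC */

static int model_setuid(uid_t uid)
{
    if (model_limit_hit) {
        errno = EAGAIN;            /* what setuid() reports when the limit is hit */
        return -1;
    }
    model_euid = uid;
    return 0;
}

static uid_t model_geteuid(void) { return model_euid; }

/* Reset the model to "running as root"; limit_hit selects whether the
 * next setuid() is refused. */
void model_reset(int limit_hit)
{
    model_euid = 0;
    model_limit_hit = limit_hit;
}

static const struct cred_ops model_ops = { model_setuid, model_geteuid };
static const struct cred_ops real_ops  = { setuid, geteuid };

/* Vulnerable pattern: the return value of setuid() is discarded.  When the
 * call fails, the program carries on with its original effective uid.
 * Returns the uid the program would keep running as. */
uid_t drop_privs_unchecked(const struct cred_ops *ops, uid_t target)
{
    ops->set_uid(target);          /* result ignored: this is the flaw */
    return ops->get_euid();
}

/* Fixed pattern: check the return value, then verify that the effective uid
 * really changed.  Returns 0 on success, -1 with errno set on failure; the
 * caller must treat -1 as fatal rather than continue.  A complete routine
 * would drop supplementary groups and the gid (setgroups/setgid) first and
 * verify those as well. */
int drop_privs_checked(const struct cred_ops *ops, uid_t target)
{
    if (ops->set_uid(target) != 0)
        return -1;                 /* errno as set by setuid() */
    if (ops->get_euid() != target) {
        errno = EPERM;             /* call "succeeded" but uid is wrong: refuse */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 1. The modelled failure: unchecked code keeps running as root (uid 0). */
    model_reset(1);
    printf("unchecked, limit hit: still running as uid %u\n",
           (unsigned)drop_privs_unchecked(&model_ops, 65534));
    model_reset(1);
    if (drop_privs_checked(&model_ops, 65534) != 0)
        printf("checked, limit hit: refused to continue (errno=%d)\n", errno);

    /* 2. The checked path against the real kernel, using the process's own
     *    real uid as target so it succeeds for any user. */
    if (drop_privs_checked(&real_ops, getuid()) == 0)
        printf("real setuid(%u) succeeded and was verified\n", (unsigned)geteuid());
    return 0;
}
```

Build with `cc -Wall` and run as an ordinary user: the modelled run prints uid 0 for the unchecked path and a refusal for the checked one, which is the whole difference the backported fix makes. The verification step after the call is deliberate: a "successful" return is not by itself proof that the credentials changed, so the checked routine compares the effective uid to the target before letting the program continue.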

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

197818 - CVE-2006-3083 krb5 multiple unsafe setuid usage

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1  krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16  krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a  krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae  krb5-workstation-1.3.4-33.i386.rpm

ia64:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
e4d6ec50ae455203023d5e55b0cca4da  krb5-debuginfo-1.3.4-33.ia64.rpm
5dc4a77a4b3c4492afa7f74e83d9f5d0  krb5-devel-1.3.4-33.ia64.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
b15d34edd402823f6b5d1d1d0f013d8d  krb5-libs-1.3.4-33.ia64.rpm
ce76f409b19d6824f5d1fdda67c323ef  krb5-server-1.3.4-33.ia64.rpm
4ad475560c2723d011b6cf0faf8eca86  krb5-workstation-1.3.4-33.ia64.rpm

ppc:
c1739675331b5f8d819eac90ad29c222  krb5-debuginfo-1.3.4-33.ppc.rpm
379c91cb057181e02cdfd6092d3f746c  krb5-debuginfo-1.3.4-33.ppc64.rpm
2f5cceda4ec3dcb5a0fca0829055f512  krb5-devel-1.3.4-33.ppc.rpm
de6fdc9b22ed426ba7542018e9174adb  krb5-libs-1.3.4-33.ppc.rpm
8759e9dd51c3614a5259db73e57a26a3  krb5-libs-1.3.4-33.ppc64.rpm
55ebf269ef488d8a281ee28fcb450383  krb5-server-1.3.4-33.ppc.rpm
4015802b89b7d6b92023a3da7787e30d  krb5-workstation-1.3.4-33.ppc.rpm

s390:
e4a005da7af0377354f69308b9a9acef  krb5-debuginfo-1.3.4-33.s390.rpm
55995e2d6b79c58dbb85ec2af716fe78  krb5-devel-1.3.4-33.s390.rpm
811ab87d0c59091d4a0de6e748086d5e  krb5-libs-1.3.4-33.s390.rpm
3ec54f81728a0a9ae22afcb2855ed732  krb5-server-1.3.4-33.s390.rpm
fe5ee4916e5aa24d499a1f8992d1036d  krb5-workstation-1.3.4-33.s390.rpm

s390x:
e4a005da7af0377354f69308b9a9acef  krb5-debuginfo-1.3.4-33.s390.rpm
43c2b4a0cf29aca1247d0c1d6ba4e24a  krb5-debuginfo-1.3.4-33.s390x.rpm
4883f400df4d8123c70604a430f92647  krb5-devel-1.3.4-33.s390x.rpm
811ab87d0c59091d4a0de6e748086d5e  krb5-libs-1.3.4-33.s390.rpm
1e13d025a766bc5ab50ebe3062586ef9  krb5-libs-1.3.4-33.s390x.rpm
7f3303ba3883bf0c5135cd39ed02122c  krb5-server-1.3.4-33.s390x.rpm
1441e757a4e8e58ca29e7270a86d28ef  krb5-workstation-1.3.4-33.s390x.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9  krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65  krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b  krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355  krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966  krb5-workstation-1.3.4-33.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1  krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16  krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a  krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae  krb5-workstation-1.3.4-33.i386.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9  krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65  krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b  krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355  krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966  krb5-workstation-1.3.4-33.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1  krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16  krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a  krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae  krb5-workstation-1.3.4-33.i386.rpm

ia64:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
e4d6ec50ae455203023d5e55b0cca4da  krb5-debuginfo-1.3.4-33.ia64.rpm
5dc4a77a4b3c4492afa7f74e83d9f5d0  krb5-devel-1.3.4-33.ia64.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
b15d34edd402823f6b5d1d1d0f013d8d  krb5-libs-1.3.4-33.ia64.rpm
ce76f409b19d6824f5d1fdda67c323ef  krb5-server-1.3.4-33.ia64.rpm
4ad475560c2723d011b6cf0faf8eca86  krb5-workstation-1.3.4-33.ia64.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9  krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65  krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b  krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355  krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966  krb5-workstation-1.3.4-33.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/krb5-1.3.4-33.src.rpm
cea37ecb1360d88c2fdc83f5419babc1  krb5-1.3.4-33.src.rpm

i386:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
77b0759d3fcc4545c27f34d4e300cc16  krb5-devel-1.3.4-33.i386.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
f3daae1ee3b0631b863635c375afe72a  krb5-server-1.3.4-33.i386.rpm
f6a4726c5d77d16ea2f0713c92f10bae  krb5-workstation-1.3.4-33.i386.rpm

ia64:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
e4d6ec50ae455203023d5e55b0cca4da  krb5-debuginfo-1.3.4-33.ia64.rpm
5dc4a77a4b3c4492afa7f74e83d9f5d0  krb5-devel-1.3.4-33.ia64.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
b15d34edd402823f6b5d1d1d0f013d8d  krb5-libs-1.3.4-33.ia64.rpm
ce76f409b19d6824f5d1fdda67c323ef  krb5-server-1.3.4-33.ia64.rpm
4ad475560c2723d011b6cf0faf8eca86  krb5-workstation-1.3.4-33.ia64.rpm

x86_64:
7a3e83832f13a55c39a1ccc079a5c556  krb5-debuginfo-1.3.4-33.i386.rpm
ae306e728d14d34e3cf20aa9b979dcd9  krb5-debuginfo-1.3.4-33.x86_64.rpm
feada102b3dd0995e10f63e7c53ccf65  krb5-devel-1.3.4-33.x86_64.rpm
7650a2f59eb97b17b141804e28f09d44  krb5-libs-1.3.4-33.i386.rpm
368e23d9adef4244a67b2e1951d2b74b  krb5-libs-1.3.4-33.x86_64.rpm
e0d823bbf3a2cd51b3e918ab8d669355  krb5-server-1.3.4-33.x86_64.rpm
e1b4250df40a8d392f011b2c89f79966  krb5-workstation-1.3.4-33.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFE2PfZXlSAg2UNWIIRAg2MAKCYFff8ZalaDeqzTbFDsJEGpa6TiACdEbcq
VUZrQsbQp7YpoRNFPuIHXVQ=
=tAhZ
-----END PGP SIGNATURE-----