lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DGV3F-0007rx-I2@updates.mandrakesoft.com>
Date: Tue, 29 Mar 2005 21:43:33 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           krb5
 Advisory ID:            MDKSA-2005:061
 Date:                   March 29th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Two buffer overflow issues were discovered in the way telnet clients
 handle messages from a server.  Because of these issues, an attacker
 may be able to execute arbitray code on the victim's machine if the
 victim can be tricked into connecting to a malicious telnet server.
 The Kerberos package contains a telnet client and is patched to deal
 with these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 d216766af945b3213fa495721eed9457  10.0/RPMS/ftp-client-krb5-1.3-6.5.100mdk.i586.rpm
 4655dcb4b78bbdb435b07647516197a6  10.0/RPMS/ftp-server-krb5-1.3-6.5.100mdk.i586.rpm
 4875bd7e3527e46a14d03715981debd1  10.0/RPMS/krb5-server-1.3-6.5.100mdk.i586.rpm
 a56ef2f2bdf568b60b1755edf5bf029d  10.0/RPMS/krb5-workstation-1.3-6.5.100mdk.i586.rpm
 83810da26099bef4f9f62dda0bfaac25  10.0/RPMS/libkrb51-1.3-6.5.100mdk.i586.rpm
 f8ddb6ad7c7c00b73705deb466ec6bd6  10.0/RPMS/libkrb51-devel-1.3-6.5.100mdk.i586.rpm
 61d0f706174d181aa85c50e20f6fb5c8  10.0/RPMS/telnet-client-krb5-1.3-6.5.100mdk.i586.rpm
 79e059ee2cc3d074a20b91ce7143ac81  10.0/RPMS/telnet-server-krb5-1.3-6.5.100mdk.i586.rpm
 ec23fa86417932cf45135d0893f0c110  10.0/SRPMS/krb5-1.3-6.5.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 26c8933dd197c552b0f7ea1df7bae8a8  amd64/10.0/RPMS/ftp-client-krb5-1.3-6.5.100mdk.amd64.rpm
 4bde97f1286a8dafa48ee43f4302f193  amd64/10.0/RPMS/ftp-server-krb5-1.3-6.5.100mdk.amd64.rpm
 fdaa11624a29da312e3924016469eefc  amd64/10.0/RPMS/krb5-server-1.3-6.5.100mdk.amd64.rpm
 33d0343e61194c4bb0229df79e6fed26  amd64/10.0/RPMS/krb5-workstation-1.3-6.5.100mdk.amd64.rpm
 828b1af5ad010a37732e37f8007bbc47  amd64/10.0/RPMS/lib64krb51-1.3-6.5.100mdk.amd64.rpm
 b3e0ecc91df33626c4122ab1fb3d0ea9  amd64/10.0/RPMS/lib64krb51-devel-1.3-6.5.100mdk.amd64.rpm
 068087c8e22ebff7328b2a9ade91a9bc  amd64/10.0/RPMS/telnet-client-krb5-1.3-6.5.100mdk.amd64.rpm
 a263757976186907b1a2645fbe315e0e  amd64/10.0/RPMS/telnet-server-krb5-1.3-6.5.100mdk.amd64.rpm
 ec23fa86417932cf45135d0893f0c110  amd64/10.0/SRPMS/krb5-1.3-6.5.100mdk.src.rpm

 Mandrakelinux 10.1:
 819e71fe8e2830787b2e808455b02821  10.1/RPMS/ftp-client-krb5-1.3.4-2.2.101mdk.i586.rpm
 3a48e58ff59a5712778242d376741386  10.1/RPMS/ftp-server-krb5-1.3.4-2.2.101mdk.i586.rpm
 ba2b20121bc71355e6c8107c69cbf0d0  10.1/RPMS/krb5-server-1.3.4-2.2.101mdk.i586.rpm
 f7aeec8d096cd901112e5d2200de456f  10.1/RPMS/krb5-workstation-1.3.4-2.2.101mdk.i586.rpm
 29049325af00777f56ec2f28cd8db39a  10.1/RPMS/libkrb53-1.3.4-2.2.101mdk.i586.rpm
 2adb15276ecbf76e60d851999fab9a1d  10.1/RPMS/libkrb53-devel-1.3.4-2.2.101mdk.i586.rpm
 caf892a19e7be7e745ef8e9aa75789c0  10.1/RPMS/telnet-client-krb5-1.3.4-2.2.101mdk.i586.rpm
 7bc66dfe0330642b5d75fdd34f7b06e5  10.1/RPMS/telnet-server-krb5-1.3.4-2.2.101mdk.i586.rpm
 10b2b7dbc3d5f8cc59c89603d295cfaf  10.1/SRPMS/krb5-1.3.4-2.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 23d8a6b17b39f9381e9b0dd7793ab7b8  x86_64/10.1/RPMS/ftp-client-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 a008345d73abf100b15cad0087f01072  x86_64/10.1/RPMS/ftp-server-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 18a341812ca08af8bd5c494db3ec5ff3  x86_64/10.1/RPMS/krb5-server-1.3.4-2.2.101mdk.x86_64.rpm
 28714dcb521545d74438c91ab3794815  x86_64/10.1/RPMS/krb5-workstation-1.3.4-2.2.101mdk.x86_64.rpm
 035cba17cbc35bd3d822d3758a2698dd  x86_64/10.1/RPMS/lib64krb53-1.3.4-2.2.101mdk.x86_64.rpm
 fc77f44380cfdd2bd1819e8bd8492561  x86_64/10.1/RPMS/lib64krb53-devel-1.3.4-2.2.101mdk.x86_64.rpm
 90f2d0b38cbf9af1d587972cc68d1d6d  x86_64/10.1/RPMS/telnet-client-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 826a853d8dc641bd8bfb28199bbaa64a  x86_64/10.1/RPMS/telnet-server-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 10b2b7dbc3d5f8cc59c89603d295cfaf  x86_64/10.1/SRPMS/krb5-1.3.4-2.2.101mdk.src.rpm

 Corporate Server 2.1:
 486bdb41d4354eed4fcf58eb52a82fa9  corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.9.C21mdk.i586.rpm
 55cc181680ac84751723deb93719decc  corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.9.C21mdk.i586.rpm
 c98550fca5f3eeeabf62a86ddbf92a07  corporate/2.1/RPMS/krb5-devel-1.2.5-1.9.C21mdk.i586.rpm
 b8bb87ae54bdb56458c3388fecb63d6f  corporate/2.1/RPMS/krb5-libs-1.2.5-1.9.C21mdk.i586.rpm
 b8763fea4c3c156938ba784a3edf51b9  corporate/2.1/RPMS/krb5-server-1.2.5-1.9.C21mdk.i586.rpm
 e6a0318b748f65a0507f8c16bc23dc49  corporate/2.1/RPMS/krb5-workstation-1.2.5-1.9.C21mdk.i586.rpm
 327c046ca43c40ab9794398f20a5b38f  corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.9.C21mdk.i586.rpm
 a82c3b4f9eb67504899c5f3f281d9fe5  corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.9.C21mdk.i586.rpm
 259065ab96525bc8d7b77d4c25e13f4b  corporate/2.1/SRPMS/krb5-1.2.5-1.9.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 f6d4eff2a3feb87000460ca695bd51de  x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 255d0bc8c3244b27431d226d4999f6d6  x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 240f422fe36e908fcb26e90f9170fbc3  x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.9.C21mdk.x86_64.rpm
 772fed2dada99bd8d2ac4643731cf739  x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.9.C21mdk.x86_64.rpm
 26b555deaeced633f99b388c9e03e18b  x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.9.C21mdk.x86_64.rpm
 e2f5e23567066ef2546f7c2ce9e1cd8f  x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.9.C21mdk.x86_64.rpm
 45279cc9a731458a3720a38c99e6f4c3  x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 214b7f27352dc9ebf55633422f9572cc  x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 259065ab96525bc8d7b77d4c25e13f4b  x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.9.C21mdk.src.rpm

 Corporate 3.0:
 28d851910a75805853c5c39cba4fffea  corporate/3.0/RPMS/ftp-client-krb5-1.3-6.5.C30mdk.i586.rpm
 ac605c26e631edf484d62d8d97ddda69  corporate/3.0/RPMS/ftp-server-krb5-1.3-6.5.C30mdk.i586.rpm
 c666ec50bdf3a3044ef0f7248ee8e56e  corporate/3.0/RPMS/krb5-server-1.3-6.5.C30mdk.i586.rpm
 e7713877b0e4a4fa6ec709b9fd5e702b  corporate/3.0/RPMS/krb5-workstation-1.3-6.5.C30mdk.i586.rpm
 bb77997163c45e09fc31b15d46139525  corporate/3.0/RPMS/libkrb51-1.3-6.5.C30mdk.i586.rpm
 283c5da56f61674465641cfb354dc491  corporate/3.0/RPMS/libkrb51-devel-1.3-6.5.C30mdk.i586.rpm
 405188eb42b03830b8b11c63e36cda97  corporate/3.0/RPMS/telnet-client-krb5-1.3-6.5.C30mdk.i586.rpm
 0d4f11a5eb627b9e67781d0497cfadb4  corporate/3.0/RPMS/telnet-server-krb5-1.3-6.5.C30mdk.i586.rpm
 c38d8569fd587baf9f7d45db41fe5c93  corporate/3.0/SRPMS/krb5-1.3-6.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 405fd1d117ce34ce2ed7c19f3fc0f014  x86_64/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.5.C30mdk.x86_64.rpm
 e6b5b0dd59bc08bfd1459ce4857a7776  x86_64/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.5.C30mdk.x86_64.rpm
 22b5a0f8b3c83ddb3231ea7ce4fbc736  x86_64/corporate/3.0/RPMS/krb5-server-1.3-6.5.C30mdk.x86_64.rpm
 1027fec85d3450f7b2144d1578f4b0f6  x86_64/corporate/3.0/RPMS/krb5-workstation-1.3-6.5.C30mdk.x86_64.rpm
 96113ec9be72c272cdfeddcd6c2328ad  x86_64/corporate/3.0/RPMS/lib64krb51-1.3-6.5.C30mdk.x86_64.rpm
 733bfb924f9f743d6c9a303e2d6b6ece  x86_64/corporate/3.0/RPMS/lib64krb51-devel-1.3-6.5.C30mdk.x86_64.rpm
 5970d9cd024f5397d985acada35fffcd  x86_64/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.5.C30mdk.x86_64.rpm
 c856eeb8859708c5345a5a19506a3a89  x86_64/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.5.C30mdk.x86_64.rpm
 c38d8569fd587baf9f7d45db41fe5c93  x86_64/corporate/3.0/SRPMS/krb5-1.3-6.5.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCSi51mqjQ0CJFipgRAqwvAKDGGsfIY71sgXy+32G8S+MmbcoAEQCfRXSl
bMknFu0Bau5M1KAiLQI8mVE=
=rQTg
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists