lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <E1DGV3F-0007rx-I2@updates.mandrakesoft.com> Date: Tue, 29 Mar 2005 21:43:33 -0700 From: Mandrakelinux Security Team <security@...ux-mandrake.com> To: bugtraq@...urityfocus.com Subject: MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: krb5 Advisory ID: MDKSA-2005:061 Date: March 29th, 2005 Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________ Problem Description: Two buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitray code on the victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Kerberos package contains a telnet client and is patched to deal with these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: d216766af945b3213fa495721eed9457 10.0/RPMS/ftp-client-krb5-1.3-6.5.100mdk.i586.rpm 4655dcb4b78bbdb435b07647516197a6 10.0/RPMS/ftp-server-krb5-1.3-6.5.100mdk.i586.rpm 4875bd7e3527e46a14d03715981debd1 10.0/RPMS/krb5-server-1.3-6.5.100mdk.i586.rpm a56ef2f2bdf568b60b1755edf5bf029d 10.0/RPMS/krb5-workstation-1.3-6.5.100mdk.i586.rpm 83810da26099bef4f9f62dda0bfaac25 10.0/RPMS/libkrb51-1.3-6.5.100mdk.i586.rpm f8ddb6ad7c7c00b73705deb466ec6bd6 10.0/RPMS/libkrb51-devel-1.3-6.5.100mdk.i586.rpm 61d0f706174d181aa85c50e20f6fb5c8 10.0/RPMS/telnet-client-krb5-1.3-6.5.100mdk.i586.rpm 79e059ee2cc3d074a20b91ce7143ac81 10.0/RPMS/telnet-server-krb5-1.3-6.5.100mdk.i586.rpm ec23fa86417932cf45135d0893f0c110 10.0/SRPMS/krb5-1.3-6.5.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 26c8933dd197c552b0f7ea1df7bae8a8 amd64/10.0/RPMS/ftp-client-krb5-1.3-6.5.100mdk.amd64.rpm 4bde97f1286a8dafa48ee43f4302f193 amd64/10.0/RPMS/ftp-server-krb5-1.3-6.5.100mdk.amd64.rpm fdaa11624a29da312e3924016469eefc amd64/10.0/RPMS/krb5-server-1.3-6.5.100mdk.amd64.rpm 33d0343e61194c4bb0229df79e6fed26 amd64/10.0/RPMS/krb5-workstation-1.3-6.5.100mdk.amd64.rpm 828b1af5ad010a37732e37f8007bbc47 amd64/10.0/RPMS/lib64krb51-1.3-6.5.100mdk.amd64.rpm b3e0ecc91df33626c4122ab1fb3d0ea9 amd64/10.0/RPMS/lib64krb51-devel-1.3-6.5.100mdk.amd64.rpm 068087c8e22ebff7328b2a9ade91a9bc amd64/10.0/RPMS/telnet-client-krb5-1.3-6.5.100mdk.amd64.rpm a263757976186907b1a2645fbe315e0e amd64/10.0/RPMS/telnet-server-krb5-1.3-6.5.100mdk.amd64.rpm ec23fa86417932cf45135d0893f0c110 amd64/10.0/SRPMS/krb5-1.3-6.5.100mdk.src.rpm Mandrakelinux 10.1: 819e71fe8e2830787b2e808455b02821 10.1/RPMS/ftp-client-krb5-1.3.4-2.2.101mdk.i586.rpm 3a48e58ff59a5712778242d376741386 10.1/RPMS/ftp-server-krb5-1.3.4-2.2.101mdk.i586.rpm ba2b20121bc71355e6c8107c69cbf0d0 10.1/RPMS/krb5-server-1.3.4-2.2.101mdk.i586.rpm f7aeec8d096cd901112e5d2200de456f 10.1/RPMS/krb5-workstation-1.3.4-2.2.101mdk.i586.rpm 29049325af00777f56ec2f28cd8db39a 10.1/RPMS/libkrb53-1.3.4-2.2.101mdk.i586.rpm 2adb15276ecbf76e60d851999fab9a1d 10.1/RPMS/libkrb53-devel-1.3.4-2.2.101mdk.i586.rpm caf892a19e7be7e745ef8e9aa75789c0 10.1/RPMS/telnet-client-krb5-1.3.4-2.2.101mdk.i586.rpm 7bc66dfe0330642b5d75fdd34f7b06e5 10.1/RPMS/telnet-server-krb5-1.3.4-2.2.101mdk.i586.rpm 10b2b7dbc3d5f8cc59c89603d295cfaf 10.1/SRPMS/krb5-1.3.4-2.2.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 23d8a6b17b39f9381e9b0dd7793ab7b8 x86_64/10.1/RPMS/ftp-client-krb5-1.3.4-2.2.101mdk.x86_64.rpm a008345d73abf100b15cad0087f01072 x86_64/10.1/RPMS/ftp-server-krb5-1.3.4-2.2.101mdk.x86_64.rpm 18a341812ca08af8bd5c494db3ec5ff3 x86_64/10.1/RPMS/krb5-server-1.3.4-2.2.101mdk.x86_64.rpm 28714dcb521545d74438c91ab3794815 x86_64/10.1/RPMS/krb5-workstation-1.3.4-2.2.101mdk.x86_64.rpm 035cba17cbc35bd3d822d3758a2698dd x86_64/10.1/RPMS/lib64krb53-1.3.4-2.2.101mdk.x86_64.rpm fc77f44380cfdd2bd1819e8bd8492561 x86_64/10.1/RPMS/lib64krb53-devel-1.3.4-2.2.101mdk.x86_64.rpm 90f2d0b38cbf9af1d587972cc68d1d6d x86_64/10.1/RPMS/telnet-client-krb5-1.3.4-2.2.101mdk.x86_64.rpm 826a853d8dc641bd8bfb28199bbaa64a x86_64/10.1/RPMS/telnet-server-krb5-1.3.4-2.2.101mdk.x86_64.rpm 10b2b7dbc3d5f8cc59c89603d295cfaf x86_64/10.1/SRPMS/krb5-1.3.4-2.2.101mdk.src.rpm Corporate Server 2.1: 486bdb41d4354eed4fcf58eb52a82fa9 corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.9.C21mdk.i586.rpm 55cc181680ac84751723deb93719decc corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.9.C21mdk.i586.rpm c98550fca5f3eeeabf62a86ddbf92a07 corporate/2.1/RPMS/krb5-devel-1.2.5-1.9.C21mdk.i586.rpm b8bb87ae54bdb56458c3388fecb63d6f corporate/2.1/RPMS/krb5-libs-1.2.5-1.9.C21mdk.i586.rpm b8763fea4c3c156938ba784a3edf51b9 corporate/2.1/RPMS/krb5-server-1.2.5-1.9.C21mdk.i586.rpm e6a0318b748f65a0507f8c16bc23dc49 corporate/2.1/RPMS/krb5-workstation-1.2.5-1.9.C21mdk.i586.rpm 327c046ca43c40ab9794398f20a5b38f corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.9.C21mdk.i586.rpm a82c3b4f9eb67504899c5f3f281d9fe5 corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.9.C21mdk.i586.rpm 259065ab96525bc8d7b77d4c25e13f4b corporate/2.1/SRPMS/krb5-1.2.5-1.9.C21mdk.src.rpm Corporate Server 2.1/X86_64: f6d4eff2a3feb87000460ca695bd51de x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.9.C21mdk.x86_64.rpm 255d0bc8c3244b27431d226d4999f6d6 x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.9.C21mdk.x86_64.rpm 240f422fe36e908fcb26e90f9170fbc3 x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.9.C21mdk.x86_64.rpm 772fed2dada99bd8d2ac4643731cf739 x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.9.C21mdk.x86_64.rpm 26b555deaeced633f99b388c9e03e18b x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.9.C21mdk.x86_64.rpm e2f5e23567066ef2546f7c2ce9e1cd8f x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.9.C21mdk.x86_64.rpm 45279cc9a731458a3720a38c99e6f4c3 x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.9.C21mdk.x86_64.rpm 214b7f27352dc9ebf55633422f9572cc x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.9.C21mdk.x86_64.rpm 259065ab96525bc8d7b77d4c25e13f4b x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.9.C21mdk.src.rpm Corporate 3.0: 28d851910a75805853c5c39cba4fffea corporate/3.0/RPMS/ftp-client-krb5-1.3-6.5.C30mdk.i586.rpm ac605c26e631edf484d62d8d97ddda69 corporate/3.0/RPMS/ftp-server-krb5-1.3-6.5.C30mdk.i586.rpm c666ec50bdf3a3044ef0f7248ee8e56e corporate/3.0/RPMS/krb5-server-1.3-6.5.C30mdk.i586.rpm e7713877b0e4a4fa6ec709b9fd5e702b corporate/3.0/RPMS/krb5-workstation-1.3-6.5.C30mdk.i586.rpm bb77997163c45e09fc31b15d46139525 corporate/3.0/RPMS/libkrb51-1.3-6.5.C30mdk.i586.rpm 283c5da56f61674465641cfb354dc491 corporate/3.0/RPMS/libkrb51-devel-1.3-6.5.C30mdk.i586.rpm 405188eb42b03830b8b11c63e36cda97 corporate/3.0/RPMS/telnet-client-krb5-1.3-6.5.C30mdk.i586.rpm 0d4f11a5eb627b9e67781d0497cfadb4 corporate/3.0/RPMS/telnet-server-krb5-1.3-6.5.C30mdk.i586.rpm c38d8569fd587baf9f7d45db41fe5c93 corporate/3.0/SRPMS/krb5-1.3-6.5.C30mdk.src.rpm Corporate 3.0/X86_64: 405fd1d117ce34ce2ed7c19f3fc0f014 x86_64/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.5.C30mdk.x86_64.rpm e6b5b0dd59bc08bfd1459ce4857a7776 x86_64/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.5.C30mdk.x86_64.rpm 22b5a0f8b3c83ddb3231ea7ce4fbc736 x86_64/corporate/3.0/RPMS/krb5-server-1.3-6.5.C30mdk.x86_64.rpm 1027fec85d3450f7b2144d1578f4b0f6 x86_64/corporate/3.0/RPMS/krb5-workstation-1.3-6.5.C30mdk.x86_64.rpm 96113ec9be72c272cdfeddcd6c2328ad x86_64/corporate/3.0/RPMS/lib64krb51-1.3-6.5.C30mdk.x86_64.rpm 733bfb924f9f743d6c9a303e2d6b6ece x86_64/corporate/3.0/RPMS/lib64krb51-devel-1.3-6.5.C30mdk.x86_64.rpm 5970d9cd024f5397d985acada35fffcd x86_64/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.5.C30mdk.x86_64.rpm c856eeb8859708c5345a5a19506a3a89 x86_64/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.5.C30mdk.x86_64.rpm c38d8569fd587baf9f7d45db41fe5c93 x86_64/corporate/3.0/SRPMS/krb5-1.3-6.5.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCSi51mqjQ0CJFipgRAqwvAKDGGsfIY71sgXy+32G8S+MmbcoAEQCfRXSl bMknFu0Bau5M1KAiLQI8mVE= =rQTg -----END PGP SIGNATURE-----
Powered by blists - more mailing lists