Debian alert DSA-543-1 (krb5)
| From: | joey@infodrom.org (Martin Schulze) | |
| To: | bugtraq@securityfocus.com | |
| Subject: | [SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities | |
| Date: | Tue, 31 Aug 2004 19:11:20 +0200 (CEST) |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 543-1 security@debian.org http://www.debian.org/security/ Martin Schulze August 31st, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : krb5 Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772 CERT advisory : VU#795632 VU#866472 VU#550464 VU#350792 The MIT Kerberos Development Team has discovered a number of vulnerabilities in the MIT Kerberos Version 5 software. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2004-0642 [VU#795632] A double-free error may allow unauthenticated remote attackers to execute arbitrary code on KDC or clients. CAN-2004-0643 [VU#866472] Several double-free errors may allow authenticated attackers to execute arbitrary code on Kerberos application servers. CAN-2004-0644 [VU#550464] A remotely eploitable denial of service vulnerability has been found in the KDC and libraries. CAN-2004-0772 [VU#350792] Several double-free errors may allow remote attackers to execute arbitrary code on the server. This does not affect the version in woody. For the stable distribution (woody) these problems have been fixed in version 1.2.4-5woody6. For the unstable distribution (sid) these problems have been fixed in version 1.3.4-3. We recommend that you upgrade your krb5 packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/krb5/krb5_... Size/MD5 checksum: 750 ac9c3b7f0d3e5187c7e13cb4c3a4dc8a http://security.debian.org/pool/updates/main/k/krb5/krb5_... Size/MD5 checksum: 81598 913379c70d82a8229383a36cf0b4d77f http://security.debian.org/pool/updates/main/k/krb5/krb5_... Size/MD5 checksum: 5443051 663add9b5942be74a86fa860a3fa4167 Architecture independent components: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 512766 d1fe8d1575287b2afd7a45c0dbae0ef5 Alpha architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 253608 8603d10da2d300e45ff67bd7cac1a5d6 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 217370 b4f44f5b653d3df770eea062bdeb2498 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 62880 a5d09242a0d5954214bda59f338d2b99 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 251970 489657290fa5204f08ec988cf8a0560c http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 76244 a3e9dce7bc89de97d5a6c9a035b7d909 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 58906 b78c904ed4dff722d2752a726b30b262 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 207342 3e96a9770f5219d8c674f8650414be55 http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 83608 0d29998a8afed416a4bd3c5dee6396a9 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 633124 9557407fc033ddd591e78df0ced731f2 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 367242 149bebb9742b8d1647209a5c30d03bdb ARM architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 197104 bd754064fe97c177e7c9e5e0f046cf63 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 160404 63390af5be6576156fdd3830e00d5626 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 48606 eefb21731dc950aa8ad148216883a44d http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 198408 c2729cfa90b8f655f34da568a3ebc803 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 63506 805d9210508c5a423cb32bf26866c703 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 49192 a085a53b5e50fa5e5f1010dd037d4b71 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 165842 efa2619df8bb9385bbb49a33d3c8178e http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 73324 7e6e9084e0d194590eb82e3dcb0943c0 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 493068 f37d7fa8f15a7af6ed13cfa9c2d8a701 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 294962 c97e9d358069ad98ec7fb0771b52dd30 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 179102 d11420d24cdc0d4613237a8fe83d5e01 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 152130 ec341bf00aed916fe9d45e05dd71b5a4 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 46160 3a09f707fbccb2e6d409866958cde8eb http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 178388 c1ce90707fa1f2cf8f7695c04fddb764 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 61144 8efda42613125215fed06202328da482 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 46432 95c352c0ad6fa0941c2b17c1a41d96d0 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 156406 db64d19e008e4e4948165408dbfccdbe http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 71752 4bd872b9143b135425df4d9ae520d508 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 433674 7d3f123c7b2d8021800e844f46942e8f http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 293454 1999f149b41a8d99fd1378d82c3e7a4e Intel IA-64 architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 322184 c370d49aaaa9af7e6a675a827e2f64c9 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 266360 44ec183d22418da592d6d19ea23bbb68 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 73530 dec8676e0aec415b9997c681c1787028 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 322148 4a402a5cc8943c25a8a7b5cf8ed8b639 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 91834 20faeb949b9a8ae856c82cf55ab3ab6b http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 70482 ebbc992bada546922aa57ca184343b47 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 256068 a13a696aec6972d80324fa9efb8679d8 http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 107214 76294f8a872e37633198bdb5e94e3898 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 705500 f1ba029421709d98e6aa423e2f573d0e http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 474648 96b244e8b34976f164e36303c012dcec HP Precision architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 214458 8c48524b63dcdf52277ff14d89c48b66 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 189702 601bb249f6f3fbed88b2a4503ea58887 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 53860 3fccc0b2d873e152f82261f8f72d1367 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 213930 e4fbfff502607fae70b662e92c72e0f9 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 68592 8368406da4509ebf7352ffba5b2551d6 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 55692 179c48b8240ae0e6acb33d4fc78bbec1 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 182868 6fbeb34da8433d3d5bc40bf234e8b5e8 http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 84822 dbea51aac58e82c349d3c4175b8a26fe http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 557692 1a9ffef5852992690611240068927926 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 361958 be64b64d90d9becf26fb3cff4733c850 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 164184 3b2e8e114f38e42a3ad3a00753885a92 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 144682 df4087c48b4498a02952a8ef6eb8067b http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 44308 c08e47ea2c8f4b343ec226fac2e80dac http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 163902 07539c1abc32983b08b7daf6a4f7cdd6 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 56838 ef970b995d8e45560e16f0c12a024aff http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 44628 150196caa13aac7658f1329e75135891 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 145966 c28052612efd159617790a1aa3b0e76a http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 69760 887174300de4016d12e07ef6b9daa8ef http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 408702 b1839eee1df0f6ef404b05a749128ea8 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 277046 e45a5c7dc4cb1212b217ad9ae0aed680 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 206544 ebdc1bebbc641c5a53039a3fcb4fa4f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 191090 db1679f7b7149316126b5ea81bef57a0 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 53304 ee4c9fe07db159acf8a1a6e27d23af6c http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 209558 495aad87af9922d422d88fe84731d09a http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 66396 65682abac3f3c01968a474053685e4d8 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 54866 d5c93e6b91f864b799cd7a2a99b342fd http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 175278 4604b92785a65e75ed23c50b3407f771 http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 71996 bff40fc321c4cae9c3a93845b5423cf1 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 541250 f831cda17c7e09e8b67c7554bc613b60 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 308292 b4582479cd2364cfae3eea77577072f7 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 210652 33c19fbfce4cc15976a8e1d0010f3bb5 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 190812 3d33b0ee50e9cf54d598e8db6335bdc6 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 53496 3ee11c426a2877abe4e52ffc26361d3c http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 213172 60bfc45d4e98b6a4fcefea365eddcba5 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 66734 6a4bbc6d939246690068bec073bb110c http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 54738 ba4ae70337671a364805048f185746c5 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 177100 da428e631537fbcfcff676c9e74d9ffb http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 71802 343446e1eee3e55f431a32bda22bf65c http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 541324 d50e3ab3fb2eb336ccfeb2e11b108bc0 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 306984 4dfc580461b9b361497041c737c27241 PowerPC architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 188236 c57636a24bad474e17adecbb630b3313 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 163936 e60810e54adcd83d7f4a3e104ab8f79a http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 49158 25b464d12a8f17fc6035643fd0f8ef59 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 189318 de66be91801bc2cab96f44a7e4cd00d7 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 62512 221b6977a950f09462cdaec5cd831717 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 49118 1cf91914293306cc903c9c524f0692bb http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 162590 7fde6ff1a31817535ef511bf478fc8dc http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 73736 6d7bab2375bd28e01addfcea924d691c http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 490588 51f50c1d2739e368dfe868da6b8940a1 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 303354 4bdb3ffc5c3958c96fd732832e118176 IBM S/390 architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 189108 5921c17d311905cdee11a276820bc8dc http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 166216 7c3da30e38aae6797f5aa2e37f97737a http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 50098 79489f66aeeaff0002c248c16c810168 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 190424 ff53903e68084010566b3521f3f0bbc8 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 66888 883d8aeb0f8eccf8ab481c9f7084d06b http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 50064 b1b243f9272e76b58172e770d5516055 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 164196 c782d0f35a16cc5519265b3f5daea2af http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 76286 b71917b2a71a6bfd8c4dd669e8bb8213 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 453112 348f85f633bc76b1b3d2352f9c74e2db http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 319462 fa95c685010c25fdbdd0fa7edd844aee Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 183226 37012c1c58e216f6b9943439183ad520 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 172820 b2919342dec99991257c54580756ea4f http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 49572 f93fb8ce382307afb5b902b9f3805299 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 184134 73e6ae9febbdf9add8b407e74ff4b4e7 http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 64184 52dcd6dfd0078e75241feb10ce62876a http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 49560 3734b8c93cd06c65a0ba094679cd33ae http://security.debian.org/pool/updates/main/k/krb5/krb5-... Size/MD5 checksum: 159332 46fc4ae6ac3a19ff018e19b572d98e45 http://security.debian.org/pool/updates/main/k/krb5/libka... Size/MD5 checksum: 73096 c109c7ad61d11d9d7ba0fe5dcbb819cb http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 462712 848372a1fa3fc9a5a902147f7dacf354 http://security.debian.org/pool/updates/main/k/krb5/libkr... Size/MD5 checksum: 301200 80c2b5d6f5f1864e5018bcfa50b9857b These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBNLE3W5ql+IAeqTIRAuIrAKCxVgbi2wZUpBY9cUQ5hjmAALksKQCfSb/Z Jm2xEUJkK9cVa4aUhJFIo2c= =EPcf -----END PGP SIGNATURE-----
(Log in to post comments)