[Technik] [SECURITY] [DSA 1276-1] New krb5 packages fix several vulnerabilities

Noèl Köthe noel at debian.org
Fri Apr 6 13:28:16 CEST 2007


On Tuesday, 03.04.2007 at 23:15 +0200, Moritz Muehlenhoff wrote:

> Debian Security Advisory DSA 1276-1                    security at debian.org
> http://www.debian.org/security/                         Moritz Muehlenhoff
> April 3th, 2007                         http://www.debian.org/security/faq
> 
> Package        : krb5
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CVE-2007-0956 CVE-2007-0957 CVE-2007-1216

krb5 updated on h01, h02, h03, h04, cupa and wasco.

> For the stable distribution (sarge) these problems have been fixed in
> version 1.3.6-2sarge4.

changelog:
krb5 (1.3.6-2sarge4) stable-security; urgency=emergency

  * MIT-SA-2007-1: telnet allows  login as an arbitrary user when
    presented with a specially crafted username; CVE-2007-0956
  * krb5_klog_syslog has a trivial buffer overflow that can be exploited
    by network data; CVE-2007-0957.  The upstream patch is very intrusive
    because it fixes each call to syslog to have proper length checking as
    well as the actual krb5_klog_syslog internals to use vsnprintf rather
    than vsprintf.  I have chosen to only include the change to
    krb5_klog_syslog for sarge.  This is sufficient to fix the problem but
    is much smaller and less intrusive.   (MIT-SA-2007-2)
  * MIT-SA-2007-3: The GSS-API library can cause a double free if
    applications treat certain errors decoding a message as errors that
    require freeing the output buffer.  At least the gssapi rpc library
    does this, so kadmind is vulnerable.    Fix the gssapi library because
    the spec allows applications to treat errors this way.  CVE-2007-1216

 -- Sam Hartman <hartmans at debian.org>  Sun, 11 Mar 2007 18:52:11 -0400

> For the upcoming stable distribution (etch) these problems have been fixed
> in version 1.4.4-7etch1.

yuma/cree changelog:
krb5 (1.4.4-7etch1) testing-security; urgency=emergency

  * MIT-SA-2007-1: telnet allows  login as an arbitrary user when
    presented with a specially crafted username; CVE-2007-0956
  * krb5_klog_syslog has a trivial buffer overflow that can be exploited
    by network data; CVE-2007-0957.  The upstream patch is very intrusive
    because it fixes each call to syslog to have proper length checking as
    well as the actual krb5_klog_syslog internals to use vsnprintf rather
    than vsprintf.  I have chosen to only include the change to
    krb5_klog_syslog for sarge.  This is sufficient to fix the problem but
    is much smaller and less intrusive.   (MIT-SA-2007-2)
  * MIT-SA-2007-3: The GSS-API library can cause a double free if
    applications treat certain errors decoding a message as errors that
    require freeing the output buffer.  At least the gssapi rpc library
    does this, so kadmind is vulnerable.    Fix the gssapi library because
    the spec allows applications to treat errors this way.  CVE-2007-1216
  * New Japanese translation, thanks TANAKA Atushi, Closes: #414382

 -- Sam Hartman <hartmans at debian.org>  Sun, 11 Mar 2007 19:08:52 -0400

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
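
The changelog entry for CVE-2007-0957 describes moving the krb5_klog_syslog internals from vsprintf to vsnprintf. The following is an added illustration of that pattern, not part of the mail above and not the krb5 source: the function names, the buffer size and the log message are hypothetical and constructed for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64   /* constructed size; the page does not give the real one */

/* Pre-fix pattern: vsprintf writes as many bytes as the expanded format
 * needs, so network-supplied arguments can run past the end of out. */
void klog_format_unbounded(char *out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(out, fmt, ap);               /* no length limit */
    va_end(ap);
}

/* Post-fix pattern: vsnprintf writes at most outlen bytes including the
 * terminating NUL. Returns 0 if the message fit, 1 if it was truncated,
 * -1 on a zero-length buffer or a formatting error. */
int klog_format_bounded(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int needed;
    if (outlen == 0) return -1;
    va_start(ap, fmt);
    needed = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (needed < 0) { out[0] = '\0'; return -1; }
    return (size_t)needed >= outlen;      /* needed excludes the NUL */
}

/* Formats a constructed, over-long principal name into a small buffer. */
int demo_long_principal(char *out, size_t outlen)
{
    char principal[256];
    memset(principal, 'A', sizeof(principal) - 1);
    principal[sizeof(principal) - 1] = '\0';
    return klog_format_bounded(out, outlen, "AS_REQ from %s: unknown client", principal);
}

int main(void)
{
    char buf[LOG_BUF_SIZE];
    int truncated = demo_long_principal(buf, sizeof(buf));
    printf("truncated=%d len=%zu msg=%s\n", truncated, strlen(buf), buf);
    return 0;
}
```

The truncation flag lets a caller record that a log line was cut, which is worth alerting on when the oversized field comes from the network.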