From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1766-1                  [email protected]
http://www.debian.org/security/                             Nico Golde
April 9th, 2009                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package        : krb5
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2009-0844, CVE-2009-0845, CVE-2009-0847, CVE-2009-0846
Debian Bug     : none
Several vulnerabilities have been found in the MIT reference implementation
of Kerberos V5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identified the following problems:
The Apple Product Security team discovered that the SPNEGO GSS-API mechanism suffers from a missing bounds check when reading a network input buffer, which results in an invalid read that crashes the application or possibly leaks information (CVE-2009-0844).
Under certain conditions the SPNEGO GSS-API mechanism references a null pointer which crashes the application using the library (CVE-2009-0845).
An incorrect length check inside the ASN.1 decoder of the MIT krb5 implementation allows an unauthenticated remote attacker to crash the kinit or KDC program (CVE-2009-0847).
Under certain conditions the ASN.1 decoder of the MIT krb5 implementation frees an uninitialized pointer, which could lead to denial of service and possibly arbitrary code execution (CVE-2009-0846).
For the oldstable distribution (etch), these problems have been fixed in
version 1.4.4-7etch7.
For the stable distribution (lenny), these problems have been fixed in
version 1.6.dfsg.4~beta1-5lenny1.
For the testing distribution (squeeze), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 1.6.dfsg.4~beta1-13.
We recommend that you upgrade your krb5 packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
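The manual "wget url" / "dpkg -i file.deb" path above skips the integrity check that apt performs for you. The following script is an added example, not part of the advisory or of Debian's tooling: it compares a downloaded file against the Size/MD5 checksum pair printed in the package lists below and only then hands it to dpkg. The function names (verify_pkg, fetch_and_verify) and the local test file are assumptions of this example; the one real URL, size and digest in the usage comment are copied from the etch source section of this advisory.

```shell
#!/bin/sh
# Added example (not part of DSA-1766-1): check a downloaded package against
# the advisory's "Size/MD5 checksum" line before running dpkg -i on it.

# verify_pkg FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 when both the byte count and the MD5 digest match, 1 otherwise.
verify_pkg() {
    file=$1
    expected_size=$2
    expected_md5=$3

    if [ ! -f "$file" ]; then
        echo "verify_pkg: $file: no such file" >&2
        return 1
    fi

    # wc -c on stdin prints only the byte count (some wc builds pad it).
    actual_size=$(wc -c < "$file" | tr -d ' ')
    # md5sum prints "<digest>  <name>"; keep only the digest field.
    actual_md5=$(md5sum "$file" | cut -d ' ' -f 1)

    if [ "$actual_size" != "$expected_size" ]; then
        echo "verify_pkg: $file: size $actual_size, expected $expected_size" >&2
        return 1
    fi
    if [ "$actual_md5" != "$expected_md5" ]; then
        echo "verify_pkg: $file: MD5 $actual_md5, expected $expected_md5" >&2
        return 1
    fi
    return 0
}

# fetch_and_verify URL EXPECTED_SIZE EXPECTED_MD5
# Mirrors the advisory's "wget url" step, then refuses to keep a file whose
# size or digest differs from the advisory, so a corrupted or substituted
# download never reaches dpkg -i.
fetch_and_verify() {
    url=$1
    name=$(basename "$url")
    wget -q -O "$name" "$url" || return 1
    if ! verify_pkg "$name" "$2" "$3"; then
        rm -f "$name"
        return 1
    fi
    echo "$name verified; install with: dpkg -i $name"
    return 0
}

# Usage, with the values the advisory lists for the etch source package:
# fetch_and_verify \
#   http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch7.dsc \
#   884 f5b01a80978a9f2a9afd71791db8df78
```

MD5 is what this 2009 advisory publishes, so it is what the script checks; the digest here guards against corruption and substitution of the downloaded file, while the authenticity of the advisory itself rests on its PGP signature, which should be verified separately before trusting the listed values.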
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch7.dsc
Size/MD5 checksum: 884 f5b01a80978a9f2a9afd71791db8df78
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch7.diff.gz
Size/MD5 checksum: 1589606 75ed739c4c9b5df2541c52c9464baa05
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz
Size/MD5 checksum: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a
Architecture independent packages:
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch7_all.deb
Size/MD5 checksum: 1806494 c00e02b0993697516bb724b56c2974e1
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 76142 74df50336a1ca446127f29a295444251
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 216248 343544552ce857d0d0c0de04bc2e54c4
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 136734 216bdba877619b34b3365f097dc92408
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 1088500 d38b99163b9ef567ac99d86d594b5535
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 245770 2ca0a02f0e3c01475c976ea1f60ff0b1
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 155448 75d7821f443f5fe8c2eba3ddb20e8632
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 461432 819fed830b782731973509010b1e9167
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 92210 d7201b4ea9fe3ce34866244da922cb9e
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 1017228 a5d1e1d9ed834070463dcc436a3f9f2b
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 89400 286af93b67b793dc280045a070dfeb9d
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_alpha.deb
Size/MD5 checksum: 66236 316c395c3e7861ff00fa2bfc4fbbc8db
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_amd64.deb
Size/MD5 checksum: 190516 22eee5850acf598deb4f747f7e948348
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_amd64.deb
Size/MD5 checksum: 426596 3556af9f05c9cf1a04427ccb10992ded
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_amd64.deb
Size/MD5 checksum: 222428 e18ffe5ec72863eb060a55a08f40f1df
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_amd64.deb
Size/MD5 checksum: 129968 89da4c40b5094b3e1ff51f27caf7b340
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_amd64.deb
Size/MD5 checksum: 1073102 cce7b289ac3b24fe08d3e8a05cfd1599
[continued in next message]