From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2031-1                    [email protected]
http://www.debian.org/security/                        Giuseppe Iuculano
April 11, 2010                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : krb5
Vulnerability : use-after-free
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-0629
Debian Bug : 567052
Sol Jerome discovered that the kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny3.
The testing distribution (squeeze) and the unstable distribution (sid) are
not affected by this issue.
We recommend that you upgrade your krb5 package.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.