Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories: March 29, 2005

Mar 30, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 697-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 29th, 2005 http://www.debian.org/security/faq


Package : netkit-telnet
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0469

iDEFENSE researchers discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server.

For the stable distribution (woody) this problem has been fixed in version 0.17-18woody3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your telnet package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody3.dsc
Size/MD5 checksum: 602 2fe6640e0719f7aa44a7815a89a12a41
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody3.diff.gz
Size/MD5 checksum: 22327 943fcd9a5048df83ce6d4f00c5b64853
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz
Size/MD5 checksum: 133749 d6beabaaf53fe6e382c42ce3faa05a36

Alpha architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_alpha.deb
Size/MD5 checksum: 84292 0b84a10dfc8714c16dbbb022f3344616
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_alpha.deb
Size/MD5 checksum: 45876 7a1893a937dd23489c45cc31d0e1605b

ARM architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_arm.deb
Size/MD5 checksum: 69924 8bb25a534f053a693aa971df0e15d71f
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_arm.deb
Size/MD5 checksum: 39618 2cfc8d96f00bb739333adf0659caceb6

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_i386.deb
Size/MD5 checksum: 70736 838259bf5d62e438959162e53aad0fa0
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_i386.deb
Size/MD5 checksum: 38616 b70a384a508e0405e91f3790f0668081

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_ia64.deb
Size/MD5 checksum: 102868 70da46fb55cb87eb86e926ffbd9d0bb2
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_ia64.deb
Size/MD5 checksum: 52542 8a459f0368d5f861f9bf4ab35ce6a8c3

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_hppa.deb
Size/MD5 checksum: 70048 f14aa30e55f6ea4d40f6c4164d3db8bb
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_hppa.deb
Size/MD5 checksum: 43568 11ecc34f1825ceecda70fb89265b688e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_m68k.deb
Size/MD5 checksum: 67226 572135d4d9d8978bc0a1ea6202f7c1be
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_m68k.deb
Size/MD5 checksum: 37524 1c061c7ee5e3879b88eadda2b21eb463

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_mips.deb
Size/MD5 checksum: 80896 7de7f5ad30e0f95a5661b2cfe44f95ab
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_mips.deb
Size/MD5 checksum: 42678 a77278475feb6cb0ec3b605a5a904218

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_mipsel.deb
Size/MD5 checksum: 80828 70c559a8b71a8c03350eeccf53f3e25d
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_mipsel.deb
Size/MD5 checksum: 42670 51cb8ffb5f3c4b525682e78d7ae1481e

PowerPC architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_powerpc.deb
Size/MD5 checksum: 73288 38517e77c45ed6c66fddb4d817b4829a
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_powerpc.deb
Size/MD5 checksum: 40326 9ca930698e43c7bf55865fca839d57e4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_s390.deb
Size/MD5 checksum: 73250 e2f4333b7dc6bf55dd3c46ed98734499
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_s390.deb
Size/MD5 checksum: 41272 7cce38638c1e4a9564369ff5e7e68a69

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_sparc.deb
Size/MD5 checksum: 74240 5a83b9953328c8de75a76682ce30da35
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_sparc.deb
Size/MD5 checksum: 45374 167f760979a1eb531461178ed576b82c

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 698-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 29th, 2005 http://www.debian.org/security/faq


Package : mc
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0763

An unfixed buffer overflow has been discovered by Andrew V. Samoilov in mc, the midnight commander, a file browser and manager. This update also fixes a regression from DSA 497.

For the stable distribution (woody) this problem has been fixed in version 4.5.55-1.2woody6.

For the unstable distribution (sid) this problem has already been fixed.

We recommend that you upgrade your mc packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6.dsc
Size/MD5 checksum: 798 8e99dd740d8ffae2c41a90a6b116f229
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6.diff.gz
Size/MD5 checksum: 52176 73bc0707bc6bda5e3ba6066985dc774e
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz
Size/MD5 checksum: 4850321 82772e729bb2ecfe486a6c219ebab09f

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_alpha.deb
Size/MD5 checksum: 1186538 9239cbf4199a6544b3ca6332fd52db6f
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_alpha.deb
Size/MD5 checksum: 562996 72dbc715e7a7283e11e29fea64552f30
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_alpha.deb
Size/MD5 checksum: 1351898 63a8e1afcbba209db727d92d4955a8c9

ARM architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_arm.deb
Size/MD5 checksum: 1028408 8826cb0c5a44b5af496dfeba6d607d55
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_arm.deb
Size/MD5 checksum: 480688 f6a09cce37d13577e92b373b75cc574c
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_arm.deb
Size/MD5 checksum: 1352032 5dfd20bcf483f407c6731773070c87c3

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_i386.deb
Size/MD5 checksum: 994490 459f7317ab45b42d003116efacfa196e
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_i386.deb
Size/MD5 checksum: 455232 aab393d3264175b8575cfaf66220f753
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_i386.deb
Size/MD5 checksum: 1351810 e1471d6e5f49bcd92e12ca9a73b74c33

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_ia64.deb
Size/MD5 checksum: 1435522 a3a000b0de5e6fa4cafaaf58263e47f7
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ia64.deb
Size/MD5 checksum: 689234 441e904cc527473e05b47b78d5c4bd2f
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_ia64.deb
Size/MD5 checksum: 1351796 3e61ead9025a69305e554d63d7abf636

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_hppa.deb
Size/MD5 checksum: 1144534 4c2c57ec173ceed338bc9e44c882f670
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_hppa.deb
Size/MD5 checksum: 541246 2dbf858ac3c53d54baccca0ca3d04031
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_hppa.deb
Size/MD5 checksum: 1352288 cea79758caf2b6f33f989614d924c965

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_m68k.deb
Size/MD5 checksum: 957858 d7028898ea3a35f85f78a7f087e694b2
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_m68k.deb
Size/MD5 checksum: 437062 cd05897db0003c22f7bb18aecd1eec27
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_m68k.deb
Size/MD5 checksum: 1352326 367211fbc6fa342d715416b958ec07b1

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_mips.deb
Size/MD5 checksum: 1087190 3216349530cf0a9b2b73902084fea281
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_mips.deb
Size/MD5 checksum: 536944 281b9d6b996d040e2664355571bd0c7a
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_mips.deb
Size/MD5 checksum: 1352256 1ca47ba59015ff24fc0d324db184de31

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_mipsel.deb
Size/MD5 checksum: 1081322 02bdddc905c6d80ebcc17b746a5f47b7
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_mipsel.deb
Size/MD5 checksum: 535794 c59f3a0071d2c751a1f5f320fd03c932
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_mipsel.deb
Size/MD5 checksum: 1352084 5ad918e829a9a31725de8dd687d7a742

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_powerpc.deb
Size/MD5 checksum: 1043086 6d6cb89274647fb8eb0a8f8d089dd7bd
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_powerpc.deb
Size/MD5 checksum: 490208 716ce6d995b02f20452afaf96185fa59
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_powerpc.deb
Size/MD5 checksum: 1352208 3fe36051681012611989f15301b13e1a

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_s390.deb
Size/MD5 checksum: 1030020 7d9b20ece50fd41ee2de10cb79826bc3
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_s390.deb
Size/MD5 checksum: 479574 5be9988d0c5fb89e1061fa06d5256327
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_s390.deb
Size/MD5 checksum: 1352116 bdcdd74197972f260d0aced37f324751

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_sparc.deb
Size/MD5 checksum: 1029098 aadd9cfef3188c17de809a51c2c11037
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_sparc.deb
Size/MD5 checksum: 483630 176d603f21a2cc5253facafc5d86dcb2
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_sparc.deb
Size/MD5 checksum: 1352214 5dfcd273857ed952157083c4d33fbcba

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 699-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 29th, 2005 http://www.debian.org/security/faq


Package : netkit-telnet-ssl
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0469

iDEFENSE researchers discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server.

For the stable distribution (woody) this problem has been fixed in version 0.17.17+0.1-2woody4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your telnet-ssl package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody4.dsc
Size/MD5 checksum: 669 edcae9a56571c23861cc772d116f6d9b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody4.diff.gz
Size/MD5 checksum: 9099 0c6a68a7522269cb7c7f18e08e9f3228
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
Size/MD5 checksum: 167658 faf2d112bc4d44f522bad3bc73da8d6d

Alpha architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_alpha.deb
Size/MD5 checksum: 101196 46f45337d4a60eb738b077770e3aa2a4
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_alpha.deb
Size/MD5 checksum: 57024 b2a33f4b5143da8a36ee78b75850c6c2

ARM architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_arm.deb
Size/MD5 checksum: 85194 1db7e7432d8025531b869ae5c737014b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_arm.deb
Size/MD5 checksum: 48596 ad29db7a35ad3ee4e3d2c5c411b0edb9

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_i386.deb
Size/MD5 checksum: 85608 6b9e94d7acf3274a62a78e98b069060b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_i386.deb
Size/MD5 checksum: 46730 09bf8699c1af6a5f4f9e913d7ef92759

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_ia64.deb
Size/MD5 checksum: 123272 d81d94ec52c655bb8496bf126c9077aa
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_ia64.deb
Size/MD5 checksum: 66728 e1879d40f611846bb7f787245feb8fee

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_hppa.deb
Size/MD5 checksum: 86624 677730710e0adac9cb6cbe1d1cca742b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_hppa.deb
Size/MD5 checksum: 54054 df3349ebb866ada9bc08a3dabf681bcc

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_m68k.deb
Size/MD5 checksum: 81534 9007bc1b9ce71d54eda4da588269e39b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_m68k.deb
Size/MD5 checksum: 45494 8bd015cf665ed260e8943aaf9a88d5a9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_mips.deb
Size/MD5 checksum: 97454 ad228bd9d0353478740fde78095b8332
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mips.deb
Size/MD5 checksum: 52346 b22cdea93cc2d406144f7797918ba348

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_mipsel.deb
Size/MD5 checksum: 97292 fe280b5296350918ef3f99bd86c1e3e8
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mipsel.deb
Size/MD5 checksum: 52334 816d5bce2968f676d3261a1d3e9e5e21

PowerPC architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_powerpc.deb
Size/MD5 checksum: 88238 c0b09580e81ff24c5e04d7ae0e859645
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_powerpc.deb
Size/MD5 checksum: 48882 f1ab39899f6b2892cae81b8b4dfb2d16

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_s390.deb
Size/MD5 checksum: 88746 b4a754f74fe3bc462488c62a137fa422
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_s390.deb
Size/MD5 checksum: 50562 fe91806b369af4ff31030c1079b7b9bd

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_sparc.deb
Size/MD5 checksum: 89356 dd5d9462b3b86d40f0f67a9ec86adc57
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_sparc.deb
Size/MD5 checksum: 54646 5d694a26621ef73ce5d2c0e6ed9bc887

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-270
2005-03-29

Product : Fedora Core 3
Name : krb5
Version : 1.3.6
Release : 5
Summary : The Kerberos network authentication system.

Description :
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.


Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.


  • Mon Mar 28 2005 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-5
    • rebuild
  • Wed Mar 23 2005 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-4
    • drop krshd patch
  • Thu Mar 17 2005 Nalin Dahyabhai <nalin@redhat.com>
    • add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)
    • add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

15bad9c44ba4da14de7d5527a02c1a90 SRPMS/krb5-1.3.6-5.src.rpm
41314d054ab13a935cd57466a99bb03e x86_64/krb5-devel-1.3.6-5.x86_64.rpm
c99ffb83d090d156e59a0348e8162b6e x86_64/krb5-libs-1.3.6-5.x86_64.rpm
9ed53c214ae3b20aa8cb3a3f339b46ad x86_64/krb5-server-1.3.6-5.x86_64.rpm
1f03b24107cb22cfca368d59fb9c40ee x86_64/krb5-workstation-1.3.6-5.x86_64.rpm
0c354d4e12fcfe83c2cd6fbfb96abc16 x86_64/debug/krb5-debuginfo-1.3.6-5.x86_64.rpm
f07344531de5e52ff9b5a0d20bdc91be x86_64/krb5-libs-1.3.6-5.i386.rpm
0af73edbe1464ecceaf3a30789c5d400 i386/krb5-devel-1.3.6-5.i386.rpm
f07344531de5e52ff9b5a0d20bdc91be i386/krb5-libs-1.3.6-5.i386.rpm
d737538d9eb42347efc297930f17241c i386/krb5-server-1.3.6-5.i386.rpm
92a3d0a3000bd0a78abcf11da80009ba i386/krb5-workstation-1.3.6-5.i386.rpm
d8b1635e05c1b0bb6d76cb9f7a810d78 i386/debug/krb5-debuginfo-1.3.6-5.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-269
2005-03-29

Product : Fedora Core 2
Name : krb5
Version : 1.3.6
Release : 4
Summary : The Kerberos network authentication system.

Description :
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.


Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.


  • Wed Mar 23 2005 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-4
    • drop krshd patch
  • Thu Mar 17 2005 Nalin Dahyabhai <nalin@redhat.com>
    • add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)
    • add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

3c210dbdcfb5f01a35f52632abbd3e58 SRPMS/krb5-1.3.6-4.src.rpm
2b4e4f7ffe208989572b173efa18c4b4 x86_64/krb5-devel-1.3.6-4.x86_64.rpm
67a3ffb77c8f92b235d503380ff54b32 x86_64/krb5-libs-1.3.6-4.x86_64.rpm
5d8e752002f27ca2ea7c8f40a6247b37 x86_64/krb5-server-1.3.6-4.x86_64.rpm
b01504865b91a46e9f6dab345a939bf6 x86_64/krb5-workstation-1.3.6-4.x86_64.rpm
72def6a5e69a30e63ab071f581ad1729 x86_64/debug/krb5-debuginfo-1.3.6-4.x86_6= 4.rpm
891e77b16aa127543976583a0b134464 x86_64/krb5-libs-1.3.6-4.i386.rpm
e26b5c97144daa666babf9e01bc90b25 i386/krb5-devel-1.3.6-4.i386.rpm
891e77b16aa127543976583a0b134464 i386/krb5-libs-1.3.6-4.i386.rpm
16a523103910c903de48a8c2e33c6524 i386/krb5-server-1.3.6-4.i386.rpm
f36537a81b6330e72c01de759196fb35 i386/krb5-workstation-1.3.6-4.i386.rpm
123d9371167ecbe81399b256ece22399 i386/debug/krb5-debuginfo-1.3.6-4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Ubuntu Linux


Ubuntu Security Notice USN-102-1 March 29, 2005
sharutils vulnerabilities
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242597
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265904

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

sharutils

The problem can be corrected by upgrading the affected package to version 1:4.2.1-10ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Shaun Colley discovered a buffer overflow in "shar" that was triggered by output files (specified with -o) with names longer than 49 characters. This could be exploited to run arbitrary attacker specified code on systems that automatically process uploaded files with shar.

Ulf Harnhammar discovered that shar does not check the data length returned by the 'wc' command. However, it is believed that this cannot actually be exploited on real systems.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1.diff.gz
Size/MD5: 7692 7d0ac5f9d30e814f3bb8a920a384efd0
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1.dsc
Size/MD5: 634 400f8c2b587de06d80b961f416069c40
http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1.orig.tar.gz
Size/MD5: 306022 b8ba1d409f07edcb335ff72a27bd9828

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils-doc_4.2.1-10ubuntu0.1_all.deb
Size/MD5: 27834 f95e85a0a3bc6b8998161e4ae0e19020

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_amd64.deb
Size/MD5: 113868 20cc7d70f9c93d46772bd8a2eaceaa80

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_i386.deb
Size/MD5: 110696 c96e763f35d05965f189cf97b9d7a323

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.1_powerpc.deb
Size/MD5: 112594 d458759940e4a6396622b3da7866ef84