Critical: krb5 security update

2007-04-04T00:00:00
ID ELSA-2007-0095
Type oraclelinux
Reporter Oracle
Modified 2007-04-04T00:00:00

Description

[1.3.4-46] - fix bug ID in changelog

[1.3.4-45]
- add preliminary patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957)
- add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216)

[1.3.4-44]
- temporarily disable bug fixes for #143289, #179062, #180671, #202191, #223669 for security update
- add preliminary patch to correct unauthorized access via krb5-aware telnet daemon (#229782, CVE-2007-0956)

[1.3.4-43] - re-enable fixes for #143289, #223669 and rebuild

[1.3.4-42] - temporarily back out fixes for #143289, #223669 and rebuild

[1.3.4-41] - update rcp non-fatal error patch to fix hangs on write errors, too (Jose Plans, #223669)

[1.3.4-40] - report a non-fatal error to the remote rcp when the client fails to open a file for writing (#223669)

[1.3.4-39] - refrain from killing any lingering members of our child's process group when logging that the child process has exited (Jose Plans, #143289)

[1.3.4-38] - correct syntax error in krb5-config.sh

[1.3.4-37] - update to revised upstream patches for CVE-2006-3083 and CVE-2006-3084 (MITKRB5-SA-2006-001) to avoid unnecessary error messages from ksu (#209512)

[1.3.4-36] - add missing shebang headers to krsh and krlogin wrapper scripts (#209238)

[1.3.4-35] - backport changes to make krb5-devel multilib-safe (#202191, prereq for

[1.3.4-34] - reapply changes for #198633, #179062, #180671

[1.3.4-33] - temporarily revert changes for #198633

[1.3.4-32] - rebuild

[1.3.4-31]
- temporarily revert changes for #179062
- temporarily revert changes for #180671
- apply patch to fix unchecked calls to setuid() (CVE-2006-3083) and seteuid() (CVE-2006-3084) (#197818)

[1.3.4-30] - incorporate fixes for hangs in the rsh client and server (#198633)

[1.3.4-29] - if we fail to determine the name of a master KDC in krb5_get_init_creds_keytab(), return the error we got from the non-master rather than the can't-determine-the-name error, which isn't so useful, matching the current release's behavior (#180671)

[1.3.4-28] - reenable the fix for #179062