Date: Thu, 06 Sep 2007 21:49:05 -0400
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@foresightlinux.org.>
To: [email protected]Subject: FLEA-2007-0050-1 krb5 krb5-workstation
Message-ID: <46e0ae11.5TDlFUUsrPVeBCIf%[email protected]>
User-Agent: nail 11.22 3/20/05
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0050-1
Published: 2007-09-06
Rating: Critical
Updated Versions:
krb5=/conary.rpath.com at rpl:devel//1/1.4.1-7.8-1
krb5-workstation=/conary.rpath.com at rpl:devel//1/1.4.1-7.8-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.17-2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743
https://issues.rpath.com/browse/RPL-1696
Description:
Previous versions of the krb5 package are vulnerable to an
unauthenticated remote arbitrary code execution attack against
the kadmind server. Foresight Linux systems are not automatically
configured with kadmind enabled. Systems configured as kerberos
administrative servers are vulnerable.
6 September 2007 Update: CVE-2007-4743 was also assigned to this
vulnerability due to a problem with the originally published patch
(for CVE-2007-3999), which did not fully correct the vulnerability.
The update provided for rPath Linux used the revised patch, which
fully corrected the vulnerability.
Note: Foresight Linux is not vulnerable to CVE-2007-4000 (which was
announced coincident with CVE-2007-3999); it does not apply to the
version of kerberos included in Foresight Linux.
Copyright 2007 rPath, Inc.
Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG4K4LWu/kq4lN9jkRAl1zAJ44a1AngaYyWlv9mPITGnsNSYJyPACdEVzK
EdHwXvfT1cW5CVzitF2IDGU=
=pz+K
-----END PGP SIGNATURE-----