SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for kerberos5-1.4.3-6tr.i586.rpm :
Mon Sep 10 14:00:00 2007 Nived Gopalan 1.4.3-6tr
- SECURITY Fix: A boundary error within the implementation of the
RPCSEC_GSS authentication type exists in the \"svcauth_gss_validate()\"
function in src/lib/rpc/svc_auth_gss.c. This can be exploited to
cause a stack-based buffer overflow by sending a specially crafted
RPC message to a vulnerable server.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-3999 to this issue.

Fri Jun 29 14:00:00 2007 Nived Gopalan 1.4.3-5tr
- SECURITY Fix: Some vulnerabilities have been reported in Kerberos,
which can be exploited by malicious users to compromise a vulnerable
system.
- An error exists within the \"gssrpc__svcauth_gssapi\" function in the
RPC library, which can cause kadmind and possibly other third-party
products to free an uninitialised pointer when receiving an RPC
credential with a length of zero.
- A signedness error exists within the \"gssrpc__svcauth_unix()\" function
in the RPC library, which is used by kadmind and possibly other
third-party products. This can be exploited to cause a stack-based
buffer overflow.
- Fixes stack-based buffer overflow error in kadmind within the
rename_principal_2_svc function which could allow remote authenticated
users to execute arbitrary code via a crafted request to rename a
principal.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2442, CVE-2007-2443 and CVE-2007-2798
to these issues.

Thu Apr 5 14:00:00 2007 Nived Gopalan 1.4.3-4tr
- SECURITY Fix: Some vulnerabilities have been reported in Kerberos,
which can be exploited by malicious users to cause a DoS or
compromise a vulnerable system.
- An error exists in the MIT krb5 telnet daemon when processing the
username. This can be exploited to log in as an arbitrary user by
providing a specially crafted username beginning with \"-e\".
- A boundary error exists in the \"krb5_klog_syslog()\" function within
the kadm5 library, which is used by KDC, kadmind and probably other
third party products. This can be exploited to cause a stack-based
buffer overflow via an overly long string.
- A double-free error exists in the \"kg_unseal_v1()\" function within
the MIT krb5 GSS-API library, which can potentially be exploited to
execute arbitrary code, but requires valid credentials.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216
to these issues.

Mon Feb 26 13:00:00 2007 Nived Gopalan
- Rebuilt

Tue Jan 16 13:00:00 2007 Bipin S 1.4.3-2tr
- Security Fix: The RPC library used in Kerberos administration daemon
(kadmind) and other products that use this library, calls an
uninitialized function pointer in freed memory, which allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via unspecified vectors.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-6143 to this issue.

Thu Jun 15 14:00:00 2006 Bipin S 1.4.3-1tr
- Initial version for TSL-3.0.5

Mon Jan 30 13:00:00 2006 Nived Gopalan 1.4.1-6tr
- Added Requires libcom_err-devel for devel package.

Wed Jul 13 14:00:00 2005 Bipin S 1.4.1-5tr
- Double-free in krb5_recvauth (CAN-2005-1689).
Buffer overflow, Heap corruption in KDC (CAN-2005-1174) and (CAN-2005-1175)
Fixed Bug# 1073 and 1075

Thu Jun 30 14:00:00 2005 Hasher Jamaludeen 1.4.1-4tr
- Security Fix: Fix for CAN-2004-0175 to krb5 rcp based on Markus Friedl\'s
fix for OpenSSH scp.

Wed Apr 27 14:00:00 2005 Syed Shabir Zakiullah 1.4.1-2tr
- Added gcc4 patch

Sat Apr 23 14:00:00 2005 Syed Shabir Zakiullah 1.4.1-1tr
- New Upstream

Mon Apr 11 14:00:00 2005 Raghu 1.4-1tr
- New Upstream

Thu Mar 17 13:00:00 2005 Syed Shabir Zakiullah 1.3.6-4tr
- Rebuilt against Official Glibc-2.3.4

Thu Mar 10 13:00:00 2005 Erlend Midttun 1.3.6-3tr
- Nuke installed but not packaged file.

Tue Dec 21 13:00:00 2004 Erlend Midttun 1.3.6-2tr
- New upstream.

Mon Nov 1 13:00:00 2004 Oystein Viggen 1.3.5-2tr
- Patch tempfile issue

Fri Sep 24 14:00:00 2004 Syed Shabir 1.3.5-1tr
- New upstream with updated security bugs

Wed Sep 1 14:00:00 2004 Oystein Viggen 1.3.4-2tr
- Patch security bugs

Thu Jun 17 14:00:00 2004 Chr. Toldnes 1.3.4-1tr
- New upstream version: 1.3.4

Wed Jun 2 14:00:00 2004 Chr. Toldnes 1.3.3-1tr
- New upstream version: 1.3.3
- Added patch to fix buffer overflow.

Wed Feb 11 13:00:00 2004 Tor Hveem 1.3.1-4th
- Fixed stupid error with file wildcards.

Tue Feb 10 13:00:00 2004 Tor Hveem 1.3.1-3th
- New package libs.

Mon Feb 9 13:00:00 2004 Chr. Toldnes 1.3.1-2tr
- Use system et (libcom_err)

Mon Feb 9 13:00:00 2004 Chr. Toldnes 1.3.1-1tr
- Initial release for Trustix
- built shared :) with no stack protection :(


  
ICM