LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

The 2008 Linux and free software timeline

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2006-1341 (mod_auth_kerb)



From:
    	      "Joe Orton" <jorton@redhat.com>


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora Core 5 Update: mod_auth_kerb-5.3-2.fc5


Date:
    	      Wed, 29 Nov 2006 07:26:01 -0500


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1341
2006-11-29
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : mod_auth_kerb
Version     : 5.3
Release     : 2.fc5
Summary     : Kerberos authentication module for HTTP
Description :
mod_auth_kerb is module for the Apache HTTP Server designed to
provide Kerberos authentication over HTTP.  The module supports the
Negotiate authentication method, which performs full Kerberos
authentication based on ticket exchanges.

---------------------------------------------------------------------
Update Information:

This update includes the latest upstream release of
mod_auth_kerb, version 5.3, which includes the fix for a
security issue.

An off by one flaw was found in the way mod_auth_kerb
handles certain Kerberos authentication messages. A remote
client could send a specially crafted authentication request
which could crash an httpd child process (CVE-2006-5989).

---------------------------------------------------------------------
* Tue Nov 28 2006 Joe Orton <jorton@redhat.com> 5.3-2.fc5
- fix r->user caching (Enrico Scholz, #214207)
* Thu Nov 23 2006 Joe Orton <jorton@redhat.com> 5.3-1.fc5
- update to 5.3 (CVE-2006-5989, #215443)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/u...

69de23600ac2b927af4b24498c056be48f6ce707  SRPMS/mod_auth_kerb-5.3-2.fc5.src.rpm
69de23600ac2b927af4b24498c056be48f6ce707  noarch/mod_auth_kerb-5.3-2.fc5.src.rpm
1a7fff3cfb20d2447ba27cab093944d37037b6d6  ppc/debug/mod_auth_kerb-debuginfo-5.3-2.fc5.ppc.rpm
13dd78d44664c5c29672a55ca6e35de534fcb705  ppc/mod_auth_kerb-5.3-2.fc5.ppc.rpm
e77cbc87eab362aa9d71cdac44a727fa9fe5f917  x86_64/mod_auth_kerb-5.3-2.fc5.x86_64.rpm
6e1ccab28dc654035684d3a3ff048bd78f4f7bc3
x86_64/debug/mod_auth_kerb-debuginfo-5.3-2.fc5.x86_64.rpm
d7319c95d15a63cd7ae9dea639a1de657ba854c0  i386/debug/mod_auth_kerb-debuginfo-5.3-2.fc5.i386.rpm
c3c8a4d6adf29a6b94c739a502d7bb7c4e66d200  i386/mod_auth_kerb-5.3-2.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds