Ubuntu alert USN-334-1 (krb5)
| From: | Martin Pitt <martin.pitt@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-334-1] krb5 vulnerabilities | |
| Date: | Wed, 16 Aug 2006 09:47:28 +0200 | |
| Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com |
=========================================================== Ubuntu Security Notice USN-334-1 August 16, 2006 krb5 vulnerabilities CVE-2006-3083, CVE-2006-3084 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: krb5-clients 1.3.6-1ubuntu0.2 krb5-ftpd 1.3.6-1ubuntu0.2 krb5-rsh-server 1.3.6-1ubuntu0.2 krb5-user 1.3.6-1ubuntu0.2 Ubuntu 5.10: krb5-clients 1.3.6-4ubuntu0.1 krb5-ftpd 1.3.6-4ubuntu0.1 krb5-rsh-server 1.3.6-4ubuntu0.1 krb5-user 1.3.6-4ubuntu0.1 Ubuntu 6.06 LTS: krb5-clients 1.4.3-5ubuntu0.1 krb5-ftpd 1.4.3-5ubuntu0.1 krb5-rsh-server 1.4.3-5ubuntu0.1 krb5-user 1.4.3-5ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user. By default, Ubuntu does not ship with user process limits. Please note that these packages are not officially supported by Ubuntu (they are in the 'universe' component of the archive). Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 664713 e5a4861877e15cb91f6dbf5935158137 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 788 edf046e890d05828180fceec79299544 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 6526510 7974d0fc413802712998d5fc5eec2919 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-d... Size/MD5: 718394 62fe4ea415da1b040b8d2e82ebfca461 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 104526 f265e825f470f7d125e64ca67ab1baa4 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 216450 180d0ee16f7d82fb08cc33c9f57fae83 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 56510 3b99157b1abf76ca65589b57367a9746 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 124206 51bb620898c55c8d4968baf7c915cf82 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 82270 7354364f56ef0c9e3e2852f53aa77827 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 63018 b4399bc4b714ced3315096b816243034 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 137248 37f64a3430eb404463252f5ddf310b9b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 177112 a171ce80ad5fe539651ca1d44fcba049 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 652010 095eb7be05716c7817a7062b010944d9 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 368902 d25bcf5493f713f6c04f216b5d536633 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 92760 46dcc0c71e393f712accb32502f5fb27 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 186370 f76907f8e22ea810797121db36ae5a98 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 51138 b0cb6e0d875dd5cbd4501f064ab6c996 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 113422 7c5b2c8965b3a70256652f2a8e7b5de7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 73622 375bd22b55ce87d9c6735611e2a9b792 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 55582 b475c04c380a75586ce6620e55634abe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 125516 a033c02351b981ba7c1f14b62c6c94ca http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 161336 92801e470aca62acea12a56a4ccd9d9f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 560646 fa64ac088fd2d1a9a5b42dc4e0f98d3d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 341032 2d9358a575da34874d6633fbfb9c08f6 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 105020 dfea844c1df75d83efbcf8e84c4fd3e1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 217282 b08f0c5d1316edb94cf7372d317cff08 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 56478 b34062e8e7c5e9e67826ca0f24b9600f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 125652 f799d32a413b27a73fa73bdd98468bdc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 82164 5dbb8cd1666f9222c1cef923b8df6cce http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 61104 42f7634145ff584c4744a168e94a1773 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 143276 59665e64fb221061e20ff6f601dc3f54 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 165128 8b18c2e1421292c39ab0c536676a915a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 634530 2731b2770926d2a909e8c6112e058ba3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 352576 0db03c098d189cc7f45401c5e5d252a1 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 683815 1ec3933b6e93acb2b5884d3645086823 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 849 cb40c03fdca7cde12317eae6bf230148 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 6526510 7974d0fc413802712998d5fc5eec2919 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-d... Size/MD5: 825942 b73d106fdae030a199de4bddc79d2a8c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 108074 f449c1f208261824db42779f51d2437f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 221366 8e2627cacc0eebc055fc98968444530e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 57596 1aefe5a5950b6c6cea862b2038cb2e0b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 130510 081c9342edc8a48bbd0fdc42aa7e0461 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 82656 b044febd05bacc9715c7b7f40657ca02 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 65108 15187362f71fd299c45945d623221bbb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 138856 66492c04c3813dc00f9ea25264ebd468 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 180326 5615f58042993b486cbe2f6afaba855e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 649270 0959e9874ce1b3183c598b9ee0505c13 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 364144 048aa9a6cf2e5a675e5ed0f43eb7567a i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 95596 a06dc078a6fa44135ab29455e199b9de http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 187522 c6151b32aad7f50b3c34e9b64e3b7baa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 51910 3da181c873f21dfa783d37f3bd855944 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 117528 f906614b3bab233ad4992229e88382d7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 73462 231a92c79d139dca69562b67603540d2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 56572 107d7d0b646f7a1d6baca4b3d24be4ad http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 126342 1f75a18101fea8b750963df2fbc60648 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 156812 6347877fcd25253e73d65a690ebbdcb5 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 540190 56c29aab438c0c9f150bc08ac887712f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 328908 ad197271414102c6a0d145c015925a29 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 109232 727090e9f1cb3a6036b85d1021b27c2c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 220718 90a8d79f03c0f2ec8aad328c446252ae http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 56626 577a5062dc0f118d2dbd2474e124f1fc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 131704 6494e9da3da488d06b26b461ab24ca93 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 82520 9b33529f90b698c4c19358c451bc31a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 63470 73afcd05914feb2a093288e261986c7a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 145110 9cd29af05a557e895d24c4694e3c3570 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 167640 a4b102ac7179daa4aa941d92c106d09f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 621696 bf5db246d5693b776ff166a579c4d3f7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 342306 b98b007af374997297db52ddade643b5 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 97820 bc64ee0f53a8ee87338660da8f25bab7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 198526 0a2070787157cdbc8ed0921f5882cf6c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 53674 65f24d8a48d40ca34547965bb72797cb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 120338 5eaed55cf80b8e4f6dd193657ab1ceba http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 74792 e4dfcd6aac39c8701e44acc79d164773 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 60278 281eb7a22b50fc904f1ba97f47a65759 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 128640 d5d0c97475cfa3f58649bd9f2735f8ae http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 156248 5925f82159529a777ac317b047553c03 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 561006 da30d253fae30b41059ccf6caee71b4b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 316974 1641a454791f13bb2fda6dd1e85ee3e6 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 1447252 865ab4d7389d4445ae8e55cf760f820c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 850 a2def4f7b8cbdc5beaacff0647b1c684 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1... Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-d... Size/MD5: 852586 b57e6bee5218001e28131766f9e72090 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 79548 d7f470590c36b1d0483917ebc2b795f5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 222588 2254ed7b97fc2c4f751dbe5146f8d47e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 59724 fe2dabb7f95232accef634b163bc1fb7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 134404 0d0a278f7da8b542042fc542e62cf884 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 84620 cdaff300da8c62e065e1c54030d56da8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 66880 4daf696403ae7020ab415602fd9801e3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 129292 8de3933c99587feb18c860d4ad687bec http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 190048 2892a6b48f610d612c6bcdf06ebcf39d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 768016 ea2a52eb981849a550a6ac381b97ecf7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 425060 d70acfbb14d7ba77d6d2f3bfc8e646f5 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 71496 5ae322935e2abbf0dc1a7cb0e8ec17c6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 186600 0c89076b4619b91f8d815e5c04bfd353 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 53688 9bfb8568f0532e8cfe3647b97b34255b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 120992 2e1ebf92dbb4f32dccc540e7b6b08739 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 75274 f39382718a0230ef146c8d94af16485a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 58044 b8cb4dde9964699d63b4cb7bdd0ca42b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 118374 982788fef8c44b1bbed2e60834622fbe http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 164984 381ace76ae83e0aa4898b7d9a53be302 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 646376 7df67cf26dcb5e320f6a675e11bbdad3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 380488 293bde8773cdfda1a3dbaa818f20d8f9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 79578 75defd0cb404ebd2ff184aa8b71d5e72 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 219926 a935f96764a894b01db176128321894f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 58936 b92740002e9f08ec82e32bf4facdb247 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 135376 f080a932904bc10ff7c1abdce0b69797 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 84478 84f53a7b3b7a4b3d79acc6a50c3b94e0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 65260 b9fd80bee6fb08cb0ea5c6505a5ebb63 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 134266 1ae5906375e67a8064487ca36c89a430 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 176912 2b2f66514f13c3ec04fd82fec6412de3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 751180 4768add9f74e50f4d75f0d34997d8570 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 395282 9f58047b3e2f597b9d72b01cc2b2fc34 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 72126 7ea79aad632479b191d339701b3f3230 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 196772 f0dd11c6c165b873f3d385b546658788 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 55660 d25c198cf7d4bd5fa974089b115cee66 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 123784 85a6c5f89fc45e372ddb0b32989f9871 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 76278 2a3b9ae1540be8c42eb24b4743edb71d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 61590 4a1838f65c9f8e01f080357d1c2357a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/kr... Size/MD5: 119934 9fe244bfaeafe2f792d7104e69dbb313 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkad... Size/MD5: 164432 2ebc06c6e399af7df8c47118facee414 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 677684 90ff88e9481fd3a2fe59164fa0868e8c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb... Size/MD5: 368070 b2ece991e696234cf1084781be2d1a8d -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...