CESA-2008:0164: krb5 security and bugfix update

Description

Kerberos is a network authentication system which allows clients andservers to authenticate to each other through use of symmetric encryptionand a trusted third party, the KDC.A flaw was found in the way the MIT Kerberos Authentication Service and KeyDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.An unauthenticated remote attacker could use this flaw to crash thekrb5kdc daemon, disclose portions of its memory, or possibly executearbitrary code using malformed or truncated Kerberos v4 protocol requests.(CVE-2008-0062, CVE-2008-0063)This issue only affected krb5kdc with Kerberos v4 protocol compatibilityenabled, which is the default setting on Red Hat Enterprise Linux 4.Kerberos v4 protocol support can be disabled by adding "v4_mode=none"(without the quotes) to the "[kdcdefaults]" section of/var/kerberos/krb5kdc/kdc.conf.Jeff Altman of Secure Endpoints discovered a flaw in the RPC library asused by MIT Kerberos kadmind server. An unauthenticated remote attackercould use this flaw to crash kadmind or possibly execute arbitrary code.This issue only affected systems with certain resource limits configuredand did not affect systems using default resource limits used by Red HatEnterprise Linux 5. (CVE-2008-0947)Red Hat would like to thank MIT for reporting these issues.Multiple memory management flaws were discovered in the GSSAPI library usedby MIT Kerberos. These flaws could possibly result in use of already freedmemory or an attempt to free already freed memory blocks (double-freeflaw), possibly causing a crash or arbitrary code execution.(CVE-2007-5901, CVE-2007-5971)In addition to the security issues resolved above, the following bugs werealso fixed:All krb5 users are advised to upgrade to these updated packages, whichcontain backported fixes to address these vulnerabilities and fix thesebugs.