----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Debian update for libpam-krb5

SECUNIA ADVISORY ID:
SA33917

VERIFY ADVISORY:
http://secunia.com/advisories/33917/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Privilege escalation

WHERE:
>From remote

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for libpam-krb5. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
overwrite files and to gain escalated privileges.

For more information:
SA33914

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1.dsc
Size/MD5 checksum: 670 e24d2e134c78f26f571ae691a4dd3209
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6.orig.tar.gz
Size/MD5 checksum: 119752 5742d0fb75ac148b7748387bc295f472
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1.diff.gz
Size/MD5 checksum: 11016 93ab13d570cbb2938e703fef2f06581e

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_alpha.deb
Size/MD5 checksum: 58440 a526c51fb9e6c4193b8591000ff7b632

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_amd64.deb
Size/MD5 checksum: 57502 d8607f991e0da76e191bc2c468c7ed59

arm architecture (ARM)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_arm.deb
Size/MD5 checksum: 55372 e90de3bd06a9fc12d61866e718896c2e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_hppa.deb
Size/MD5 checksum: 58952 0774be83acdc3e36ddf9c55bbfc9ee16

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_i386.deb
Size/MD5 checksum: 56726 9d3eb6c5e1954393cde41f73b3824190

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_ia64.deb
Size/MD5 checksum: 62910 874687c0aba8ecbce11bd126ff5c2585

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_mips.deb
Size/MD5 checksum: 56894 0f10eccba6afdc540c23a39728df0bc9

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_mipsel.deb
Size/MD5 checksum: 56886 55d1faffac772a008d46674442f480f9

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_powerpc.deb
Size/MD5 checksum: 58572 66ecfa0eb67c381dc8b2a63a1d7dec44

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_s390.deb
Size/MD5 checksum: 57928 73b6597abb7682378667210bd980a8b2

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_sparc.deb
Size/MD5 checksum: 56390 7896f97c1d3b2daa5e94a195a12a11a6

-- Debian GNU/Linux unstable alias sid --

Reportedly, the vulnerabilities will be fixed soon.

ORIGINAL ADVISORY:
DSA-1721-1:
http://lists.debian.org/debian-security-announce/2009/msg00030.html

OTHER REFERENCES:
SA33914:
http://secunia.com/advisories/33914/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------