-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: krb5 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2591-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2591.html Issue date: 2016-11-03 CVE Names: CVE-2016-3119 CVE-2016-3120 ===================================================================== 1. Summary: An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153) Security Fix(es): * A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) * A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1135427 - kadmin.local -q with wrong value in -e option doesn't return nonzero return code 1146945 - RFE: Kerberos should support dropping configuration snippets to /etc/ and /usr 1183058 - krb5-server requires systemd-sysv when it shouldn't need to 1247261 - ksu asks for password even if called by root 1256735 - krb5kdc.log file is world-readable on IPA 1283902 - Remove krb5-server dependency on initscripts unless it is needed 1284987 - Please backport fix for interposer 1290239 - Update krb5 spec file with changes made in fedora 1292153 - Rebase krb5 to 1.14.x 1296241 - Chrome crash in spnego_gss_inquire_context() 1297591 - [backport] Fix some uses of installed files in the test suite 1313457 - krb5 selinux patch leaks memory 1314493 - Skip unnecessary mech calls in gss_inquire_cred 1319616 - CVE-2016-3119 krb5: null pointer dereference in kadmin 1340304 - otp module incorrectly overwrites as_key 1349042 - Incorrect length calculation in libkrad 1361050 - CVE-2016-3120 krb5: S4U2Self KDC crash when anon is restricted 1363690 - ssh login permission denied when ldap/krb5 is enabled via authconfig 1364993 - MS-KKDCP with TLS SNI requires HTTP Host header 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: krb5-1.14.1-26.el7.src.rpm x86_64: krb5-debuginfo-1.14.1-26.el7.i686.rpm krb5-debuginfo-1.14.1-26.el7.x86_64.rpm krb5-libs-1.14.1-26.el7.i686.rpm krb5-libs-1.14.1-26.el7.x86_64.rpm krb5-pkinit-1.14.1-26.el7.x86_64.rpm krb5-workstation-1.14.1-26.el7.x86_64.rpm libkadm5-1.14.1-26.el7.i686.rpm libkadm5-1.14.1-26.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: krb5-debuginfo-1.14.1-26.el7.i686.rpm krb5-debuginfo-1.14.1-26.el7.x86_64.rpm krb5-devel-1.14.1-26.el7.i686.rpm krb5-devel-1.14.1-26.el7.x86_64.rpm krb5-server-1.14.1-26.el7.x86_64.rpm krb5-server-ldap-1.14.1-26.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: krb5-1.14.1-26.el7.src.rpm x86_64: krb5-debuginfo-1.14.1-26.el7.i686.rpm krb5-debuginfo-1.14.1-26.el7.x86_64.rpm krb5-libs-1.14.1-26.el7.i686.rpm krb5-libs-1.14.1-26.el7.x86_64.rpm krb5-pkinit-1.14.1-26.el7.x86_64.rpm krb5-workstation-1.14.1-26.el7.x86_64.rpm libkadm5-1.14.1-26.el7.i686.rpm libkadm5-1.14.1-26.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: krb5-debuginfo-1.14.1-26.el7.i686.rpm krb5-debuginfo-1.14.1-26.el7.x86_64.rpm krb5-devel-1.14.1-26.el7.i686.rpm krb5-devel-1.14.1-26.el7.x86_64.rpm krb5-server-1.14.1-26.el7.x86_64.rpm krb5-server-ldap-1.14.1-26.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: krb5-1.14.1-26.el7.src.rpm aarch64: krb5-debuginfo-1.14.1-26.el7.aarch64.rpm krb5-devel-1.14.1-26.el7.aarch64.rpm krb5-libs-1.14.1-26.el7.aarch64.rpm krb5-pkinit-1.14.1-26.el7.aarch64.rpm krb5-server-1.14.1-26.el7.aarch64.rpm krb5-server-ldap-1.14.1-26.el7.aarch64.rpm krb5-workstation-1.14.1-26.el7.aarch64.rpm libkadm5-1.14.1-26.el7.aarch64.rpm ppc64: krb5-debuginfo-1.14.1-26.el7.ppc.rpm krb5-debuginfo-1.14.1-26.el7.ppc64.rpm krb5-devel-1.14.1-26.el7.ppc.rpm krb5-devel-1.14.1-26.el7.ppc64.rpm krb5-libs-1.14.1-26.el7.ppc.rpm krb5-libs-1.14.1-26.el7.ppc64.rpm krb5-pkinit-1.14.1-26.el7.ppc64.rpm krb5-server-1.14.1-26.el7.ppc64.rpm krb5-server-ldap-1.14.1-26.el7.ppc64.rpm krb5-workstation-1.14.1-26.el7.ppc64.rpm libkadm5-1.14.1-26.el7.ppc.rpm libkadm5-1.14.1-26.el7.ppc64.rpm ppc64le: krb5-debuginfo-1.14.1-26.el7.ppc64le.rpm krb5-devel-1.14.1-26.el7.ppc64le.rpm krb5-libs-1.14.1-26.el7.ppc64le.rpm krb5-pkinit-1.14.1-26.el7.ppc64le.rpm krb5-server-1.14.1-26.el7.ppc64le.rpm krb5-server-ldap-1.14.1-26.el7.ppc64le.rpm krb5-workstation-1.14.1-26.el7.ppc64le.rpm libkadm5-1.14.1-26.el7.ppc64le.rpm s390x: krb5-debuginfo-1.14.1-26.el7.s390.rpm krb5-debuginfo-1.14.1-26.el7.s390x.rpm krb5-devel-1.14.1-26.el7.s390.rpm krb5-devel-1.14.1-26.el7.s390x.rpm krb5-libs-1.14.1-26.el7.s390.rpm krb5-libs-1.14.1-26.el7.s390x.rpm krb5-pkinit-1.14.1-26.el7.s390x.rpm krb5-server-1.14.1-26.el7.s390x.rpm krb5-server-ldap-1.14.1-26.el7.s390x.rpm krb5-workstation-1.14.1-26.el7.s390x.rpm libkadm5-1.14.1-26.el7.s390.rpm libkadm5-1.14.1-26.el7.s390x.rpm x86_64: krb5-debuginfo-1.14.1-26.el7.i686.rpm krb5-debuginfo-1.14.1-26.el7.x86_64.rpm krb5-devel-1.14.1-26.el7.i686.rpm krb5-devel-1.14.1-26.el7.x86_64.rpm krb5-libs-1.14.1-26.el7.i686.rpm krb5-libs-1.14.1-26.el7.x86_64.rpm krb5-pkinit-1.14.1-26.el7.x86_64.rpm krb5-server-1.14.1-26.el7.x86_64.rpm krb5-server-ldap-1.14.1-26.el7.x86_64.rpm krb5-workstation-1.14.1-26.el7.x86_64.rpm libkadm5-1.14.1-26.el7.i686.rpm libkadm5-1.14.1-26.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: krb5-1.14.1-26.el7.src.rpm x86_64: krb5-debuginfo-1.14.1-26.el7.i686.rpm krb5-debuginfo-1.14.1-26.el7.x86_64.rpm krb5-devel-1.14.1-26.el7.i686.rpm krb5-devel-1.14.1-26.el7.x86_64.rpm krb5-libs-1.14.1-26.el7.i686.rpm krb5-libs-1.14.1-26.el7.x86_64.rpm krb5-pkinit-1.14.1-26.el7.x86_64.rpm krb5-server-1.14.1-26.el7.x86_64.rpm krb5-server-ldap-1.14.1-26.el7.x86_64.rpm krb5-workstation-1.14.1-26.el7.x86_64.rpm libkadm5-1.14.1-26.el7.i686.rpm libkadm5-1.14.1-26.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3119 https://access.redhat.com/security/cve/CVE-2016-3120 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYGvx5XlSAg2UNWIIRAtn9AKCzh2AG4sbXP0rFyreW+sckElGIOwCfTpxf WDRdPzykDNjqeMMinr7XmWM= =Uv3r -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce