Articles / Ubuntu: New Kerberos packag…

Ubuntu: New Kerberos packages fix security vulnerabilities

Felipe Ortega discovered that kadmind did not correctly handle password changing error conditions. An unauthenticated remote attacker could exploit this to crash kadmind, leading to a denial of service. Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1116-1
April 19, 2011

krb5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10

Summary:

An unauthenticated remote user could crash the Kerberos service.

Software Description:
- krb5: MIT Kerberos services

Details:

Felipe Ortega discovered that kadmind did not correctly handle password
changing error conditions. An unauthenticated remote attacker could exploit
this to crash kadmind, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
 krb5-admin-server               1.8.1+dfsg-5ubuntu0.7

Ubuntu 10.04 LTS:
 krb5-admin-server               1.8.1+dfsg-2ubuntu0.9

Ubuntu 9.10:
 krb5-admin-server               1.7dfsg~beta3-1ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
 CVE-2011-0285

Package Information:
 https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-5ubuntu0.7
 https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.9
 https://launchpad.net/ubuntu/+source/krb5/1.7dfsg~beta3-1ubuntu0.13
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.