[SECURITY] [DSA 269-1] New heimdal packages fix authentication failure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 269-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze March 26th, 2003http://www.debian.org/security/faq - -- Package: heimdal Vulnerability : Cryptographic weakness Problem-Type : remote Debian-specific: no CVE Id : CAN-2003-0138 CERT advisory : VU#623217 A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure. This version of the heimdal package changes the default behavior and disallows cross-realm authentication for Kerberos version 4. Because of the fundamental nature of the problem, cross-realm authentication in Kerberos version 4 cannot be made secure and sites should avoid its use. A new option (--kerberos4-cross-realm) is provided to the kdc command to re-enable version 4 cross-realm authentication for those sites that must use this functionality but desire the other security fixes. For the stable distribution (woody) this problem has been fixed in version 0.4e-7.woody.6 The old stable distribution (potato) is not affected by this problem, since it isn't compiled against kerberos 4. For the unstable distribution (sid) this problem has been fixed in version 0.5.2-1. We recommend that you upgrade your heimdal packages imediately. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.6.dsc Size/MD5 checksum: 1063 f925f5c81bef908a62366670f311511e http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.6.diff.gz Size/MD5 checksum: 1278560 ea0268363a4b9a986fc731ac64367948 http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz Size/MD5 checksum: 2885718 1d27b06ec2f818f5b4ae2b90ca0e9cb8 Architecture independent components: http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.6_all.deb Size/MD5 checksum: 1055480 e22766e034934ac5b6664468d1bd39c4 http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.6_all.deb Size/MD5 checksum:19456 3be2de9ba824fd90ec6f0df606e9d716 Alpha architecture: http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.6_alpha.deb Size/MD5 checksum: 274250 38719c545872e901bd7eeb9dad9d0b80 http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.6_alpha.deb Size/MD5 checksum:60170 f5476c57a24af3c4ef9124bdc7908178 http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.6_alpha.deb Size/MD5 checksum: 572102 a407490c744a95276ff8863672c44dbb http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.6_alpha.deb Size/MD5 checksum: 132516 bac7e612f0d73d341a2a1fa5364051ae http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.6_alpha.deb Size/MD5 checksum: 180996 554ac920d68041805185a036b9013e9c http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.6_alpha.deb Size/MD5 checksum:39004 2795b39db81ef82f66d98ffc37a15466 http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.6_alpha.deb Size/MD5 checksum:64542 699a4851fb0380eece24913650cc72ba http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.6_alpha.deb Size/MD5 checksum:23036 5502e63afbb41f53707344f59901b5f7 http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.6_alpha.deb Size/MD5 checksum:42446 270c023c95cadd077bd2255c4b25a7b4 http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.6_alpha.deb Size/MD5 checksum:40994 4d6d2e9b23beacf3d8c1c4395ac5e16c
[SECURITY] [DSA 270-1] New Linux kernel packages (mips + mipsel) fix local root exploit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 270-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze March 27sh, 2003http://www.debian.org/security/faq - -- Packages : kernel-patch-2.4.17-mips, kernel-patch-2.4.19-mips Vulnerability : local privilege escalation Problem-Type : local Debian-specific: no CVE Id : CAN-2003-0127 The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible. This advisory only covers kernel packages for the big and little endian MIPS architectures. Other architectures will be covered by separate advisories. For the stable distribution (woody) this problem has been fixed in version 2.4.17-0.020226.2.woody1 of kernel-patch-2.4.17-mips (mips+mipsel) and in version 2.4.19-0.020911.1.woody1 of kernel-patch-2.4.19-mips (mips only). The old stable distribution (potato) is not affected by this problem for these architectures since mips and mipsel were first released with Debian GNU/Linux 3.0 (woody). For the unstable distribution (sid) this problem has been fixed in version 2.4.19-0.020911.6 of kernel-patch-2.4.19-mips (mips+mipsel). We recommend that you upgrade your kernel-images packages immediately. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody1.dsc Size/MD5 checksum: 786 937c32a962c27f9461a10d4d2c98c350 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody1.tar.gz Size/MD5 checksum: 1140097 e26c4406aa52e77b00df972335fdbb71 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody1.dsc Size/MD5 checksum: 832 4e431992276bcd65d34bd07b86784200 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody1.tar.gz Size/MD5 checksum: 1035256 cd2e9213d798552a7ebc550903e45bf9 Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody1_all.deb Size/MD5 checksum: 1142510 b1c1c6d93281938651b91c0caa85b818 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody1_all.deb Size/MD5 checksum: 1036948 8de25b980c15831460c844a535b76e3a Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody1_mips.deb Size/MD5 checksum: 3494700 3ebb5ff6d044f808b500dfb0f5beccad http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody1_mips.deb Size/MD5 checksum: 2038950 baae9c9e139d2b5ef035f01adea32171 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody1_mips.deb Size/MD5 checksum: 2039084 5bb6ad7c4207a6f351612fd4e330a337 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody1_mips.deb Size/MD5 checksum: 3897722 8d096cf0e9286e175127dfb1763bfcd2 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody1_mips.deb Size/MD5 checksum: 2072292 3f49ce11a63309465f1ee5c31b54a1c4 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody1_mips.deb Size/MD5 checksum: 2072926 b4ac7b3f74a392c4f7482eb590eadcb2 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody1_mips.deb Size/MD5 checksum:12418 ec83e5bf008c27285768faffcbbd8534 Little endian MIPS architecture:
