Synopsis:    Moderate: pam_krb5/krb5 security update
Issue date:  2008-10-02
CVE Names:   CVE-2008-3825

pam_krb5 addresses the following security issue:

A flaw was found in the pam_krb5 "existing_ticket" configuration option. If a system is configured to use an existing credential cache via the "existing_ticket" option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)

krb5 addresses the following bug:

* In cases where a server application began to sequentially iterate through the contents of a keytab file, if it paused to call certain functions such as krb5_rd_req() which encountered errors, a subsequent call to the krb5_kt_next_entry() function could cause the calling application to crash.

The issue has been rectified and updated within these packages so that a call to the krb5_kt_next_entry() function will not crash the calling application.

SL 5.x

    SRPMS:
pam_krb5-2.2.14-1.el5_2.1.src.rpm
krb5-1.6.1-25.el5_2.1.src.rpm

    i386:
pam_krb5-2.2.14-1.el5_2.1.i386.rpm
krb5-devel-1.6.1-25.el5_2.1.i386.rpm
krb5-libs-1.6.1-25.el5_2.1.i386.rpm
krb5-server-1.6.1-25.el5_2.1.i386.rpm
krb5-workstation-1.6.1-25.el5_2.1.i386.rpm

    x86_64:
pam_krb5-2.2.14-1.el5_2.1.i386.rpm
pam_krb5-2.2.14-1.el5_2.1.x86_64.rpm
krb5-devel-1.6.1-25.el5_2.1.i386.rpm
krb5-devel-1.6.1-25.el5_2.1.x86_64.rpm
krb5-libs-1.6.1-25.el5_2.1.i386.rpm
krb5-libs-1.6.1-25.el5_2.1.x86_64.rpm
krb5-server-1.6.1-25.el5_2.1.x86_64.rpm
krb5-workstation-1.6.1-25.el5_2.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
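
To see whether a host is exposed to the "existing_ticket" issue above, an administrator can list the PAM service lines that load pam_krb5 with that option. The script below is an added example, not part of the advisory or of pam_krb5; it assumes the option is given as a module argument in PAM service files (settings made elsewhere are not covered), and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Lists PAM service lines that load
# pam_krb5 with the existing_ticket argument named in CVE-2008-3825.
# Assumption: the option is set as a module argument in PAM service files.

find_existing_ticket() {
    # Prints "file:line: joined-line" for every match; prints nothing if clean.
    awk '
        FNR == 1 { buf = "" }                      # reset at each new file
        {
            if (buf == "") start = FNR             # first physical line of entry
            line = buf $0
            if (line ~ /\\$/) {                    # PAM continuation: join lines
                sub(/\\$/, " ", line); buf = line; next
            }
            buf = ""
            sub(/#.*/, "", line)                   # drop comments
            gsub(/[ \t]+/, " ", line); sub(/ $/, "", line)
            if (line ~ /pam_krb5/ && line ~ /(^| )existing_ticket( |$)/)
                print FILENAME ":" start ": " line
        }
    ' "$@"
}

# Constructed sample input (not taken from a real system).
demo_existing_ticket() {
    d=$(mktemp -d) || return 1
    cat > "$d/sshd" <<'EOF'
#%PAM-1.0
# auth sufficient pam_krb5.so existing_ticket
auth       sufficient   pam_krb5.so use_first_pass \
                        existing_ticket
account    required     pam_unix.so
EOF
    cat > "$d/login" <<'EOF'
auth       sufficient   pam_krb5.so use_first_pass
EOF
    find_existing_ticket "$d/sshd" "$d/login" | sed "s|^$d/||"
    rm -rf "$d"
}

demo_existing_ticket
```

On a real system the function would be run as `find_existing_ticket /etc/pam.d/*`; any line it reports marks a service that relies on the affected option until the updated pam_krb5 package is installed.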