Novell Kerberos KDC 1.5-41

This document (5069140) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86

Security patch: Yes

Priority: Mandatory

Distribution Type: Public

http://download.novell.com/Download?buildid=i9_BmLPleO0~

document

Revision: 3

Document ID: 5069140

Creation Date: 2010-02-16 18:58:36

Modified Date: 2010-02-19 15:44:58

abstract

This patch is an update to Kerberos 1.5 that shipped prior to OES 2. This is only for standalone installations.

Platforms: Linux.

NOTE: DO NOT INSTALL THIS UPDATE ON AN OES LINUX SERVER!!!!
THE OES CHANNEL MUST BE USED TO UPDATE NMAS FOR OES SERVERS!!!!

The readme and platform install docs have been moved online. Please refer to this online document for the latest updated information for this patch.

File: kerberos-1.5.zip
MD5SUM: 3e184bb4a22d3cb3aeb0d5906db9dd8f

details

ISSUES RESOLVED
- Security vulnerability in the crypto library of MIT Kerberos (Bug 567198) (CVE-2009-4212) (MITKRB5-SA-2009-004)
TID 7002100: http://www.novell.com/support/viewContent.do?externalId=7003100

To resolve this defect as reported by MIT Kerberos both Kerberos and the GSSAPI method must be updated.
Kerberos 1.5: http://download.novell.com/Download?buildid=i9_BmLPleO0~
GSSAPI method: http://download.novell.com/Download?buildid=9Ddu8DuN63Q~

LINUX INSTALLATION

32-Bit eDirectory :
1.Log in as a user with root privileges on the host.
2.Stop NDSD.
/etc/init.d/ndsd stop
3.Remove the older versions of the packages novell-kerberos-base and novell-kerberos-ldap-extensions.
rpm -e --nodeps novell-kerberos-base \
novell-kerberos-ldap-extensions
4.Install the new rpms for 32-bit Linux, from linux32 folder.
rpm -ivh novell-kerberos-base-1.5-41.i586.rpm \
novell-kerberos-ldap-extensions-1.5-41.i586.rpm
5.Start NDSD.
/etc/init.d/ndsd start

64-Bit eDirectory:
1.Log in as a user with root privileges on the host.
2.Stop NDSD.
/etc/init.d/ndsd stop
3.Remove the older versions of the packages novell-kerberos-base and novell-kerberos-ldap-extensions.
rpm -e --nodeps novell-kerberos-base \
novell-kerberos-ldap-extensions
4.Install the new rpms for 64-bit Linux, from linux64 folder.
rpm -ivh novell-kerberos-base-1.5-41.x86_64.rpm \
novell-kerberos-ldap-extensions-1.5-41.x86_64.rpm
5.Start NDSD.
/etc/init.d/ndsd start

security fixes

CVE-2009-4212
MITKRB5-SA-2009-004

file contents

Files Included	Size	Date
kerberos-1.5.zip	1.2 MB (1271558)	2010-02-16 18:26:13
readme_5069140.html	N/A	2010-02-19 15:44:59

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.