Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Numerous Kerberos Vulnerabilities Have Been Fixed in All Ubuntu OSes

  • Please log in to reply
1 reply to this topic

#1 Dazzzler


  • Banned Spammer
  • 45 posts
  • Gender:Male
  • Local time:12:50 PM

Posted 13 November 2015 - 09:14 PM

Canonical published details in a security notice about a number of Kerberos vulnerabilities that have been found and fixed in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.
The Ubuntu maintainers for this utility have released a new update for the Kerberos package (MIT Kerberos Network Authentication Protocol), and users should really take this opportunity and upgrade the system.

According to the security notice, "It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04."

This is just one of the problems that have been fixed. For a more detailed description of the vulnerabilities, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue.


BC AdBot (Login to Remove)


#2 NickAu


    Bleepin' Fish Doctor

  • Moderator
  • 13,854 posts
  • Gender:Male
  • Location: Australia
  • Local time:06:20 PM

Posted 13 November 2015 - 09:27 PM


Users should upgrade their Linux distribution in order to correct this issue.


To upgrade open terminal and type.

sudo apt-get update
sudo apt-get dist-upgrade
    upgrade is used to install the newest versions of all packages
    currently installed on the system from the sources enumerated in
    /etc/apt/sources.list. Packages currently installed with new
    versions available are retrieved and upgraded; under no
    circumstances are currently installed packages removed, or packages
    not already installed retrieved and installed. New versions of
    currently installed packages that cannot be upgraded without
    changing the install status of another package will be left at
    their current version. An update must be performed first so that
    apt-get knows that new versions of packages are available.

    dist-upgrade in addition to performing the function of upgrade,
    also intelligently handles changing dependencies with new versions
    of packages; apt-get has a "smart" conflict resolution system, and
    it will attempt to upgrade the most important packages at the
    expense of less important ones if necessary. So, dist-upgrade
    command may remove some packages. The /etc/apt/sources.list file
    contains a list of locations from which to retrieve desired package
    files. See also apt_preferences(5) for a mechanism for overriding
    the general settings for individual packages.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users