Changelog for krb5-devel-1.9.1-24.3.test.1.i586.rpm:
* Mon Nov 21 2011 mcAATTsuse.de
- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530
* Mon Nov 21 2011 mcAATTsuse.de
- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)
* Fri Nov 18 2011 rhaferAATTsuse.de
- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)
* Mon Oct 17 2011 mcAATTsuse.de
- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
* Tue Aug 23 2011 mcAATTsuse.de
- use --without-pam to build krb5-mini
* Sun Aug 21 2011 mcAATTnovell.com
- add patches from Fedora and upstream
- fix init scripts (bnc#689006)
* Fri Aug 19 2011 mcAATTnovell.com
- update to version 1.9.1
  * obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif
  * replace krb5-1.6.1-compile_pie.dif
* Thu Apr 14 2011 mcAATTsuse.de
- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285
* Tue Mar 01 2011 mcAATTsuse.de
- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284
* Wed Jan 19 2011 mcAATTsuse.de
- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282
* Wed Dec 01 2010 mcAATTsuse.de
- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324
  * krb5 GSS-API applications may accept unkeyed checksums
  * krb5 application services may accept unkeyed PAC checksums
  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323
  * krb5 clients may accept unkeyed SAM-2 challenge checksums
  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020
  * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021
  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
* Thu Oct 28 2010 mcAATTsuse.de
- fix csh profile (bnc#649856)
* Fri Oct 22 2010 mcAATTsuse.de
- update to krb5-1.8.3
  * remove patches which are now upstream
    - krb5-1.7-MITKRB5-SA-2010-004.dif
    - krb5-1.8.1-gssapi-error-table.dif
    - krb5-MITKRB5-SA-2010-005.dif
* Fri Oct 22 2010 mcAATTsuse.de
- change environment variable PATH directly for csh (bnc#642080)
* Mon Sep 27 2010 mcAATTsuse.de
- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
* Mon Jun 21 2010 lchiquittoAATTnovell.com
- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)
* Wed May 19 2010 mcAATTsuse.de
- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
* Wed Apr 14 2010 mcAATTsuse.de
- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
* Fri Apr 09 2010 mcAATTsuse.de
- update to version 1.8.1
  * include krb5-1.8-POST.dif
  * include MITKRB5-SA-2010-002
* Tue Apr 06 2010 mcAATTsuse.de
- update krb5-1.8-POST.dif
* Tue Mar 23 2010 mcAATTsuse.de
- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
* Tue Mar 23 2010 mcAATTsuse.de
- add post 1.8 fixes
  * Add IPv6 support to changepw.c
  * fix two problems in kadm5_get_principal mask handling
  * Ignore improperly encoded signedpath AD elements
  * handle NT_SRV_INST in service principal referrals
  * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
  * Fix the kpasswd fallback from the ccache principal name
  * Document the ticket_lifetime libdefaults setting
  * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
* Thu Mar 04 2010 mcAATTsuse.de
- update to version 1.8
  * Increase code quality
  * Move toward improved KDB interface
  * Investigate and remedy repeatedly-reported performance bottlenecks.
  * Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals.
  * Disable DES by default
  * Account lockout for repeated login failures
  * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules
  * FAST enhancements
  * Microsoft Services for User (S4U) compatibility
  * Anonymous PKINIT
- fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
* Mon Dec 14 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
* Fri Nov 13 2009 mcAATTsuse.de
- enhance '$PATH' only if the directories are available and not empty (bnc#544949)
* Sun Jul 12 2009 cooloAATTnovell.com
- readd lost baselibs.conf
* Wed Jun 03 2009 mcAATTsuse.de
- update to final 1.7 release
* Wed May 13 2009 mcAATTsuse.de
- update to version 1.7 Beta2
  * Incremental propagation support for the KDC database.
  * Flexible Authentication Secure Tunneling (FAST), a preauthentication framework that can protect the AS exchange from dictionary attack.
  * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy.
  * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code.