SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for krb5-devel-32bit-1.6.3-132.11.1.x86_64.rpm :
Tue Jan 17 13:00:00 2012 lijewski.stefanAATTzabka.pl
- Fixed a remote code execution in ktelnetd (CVE-2011-4862 / bnc#738632)

Mon Feb 14 13:00:00 2011 wrAATTrosenauer.org
- fix KDC denial of service attacks with LDAP back end
(MITKRB5-SA-2011-002, bnc#663619)
CVE-2011-0281, CVE-2011-0282

Wed Dec 1 13:00:00 2010 mcAATTsuse.de
- Fix multiple checksum handling vulnerabilities
(MITKRB5-SA-2010-007, bnc#650650)
CVE-2010-1323

* krb5 clients may accept unkeyed SAM-2 challenge checksums

* krb5 may accept KRB-SAFE checksums with low-entropy derived keys

Fri Apr 23 14:00:00 2010 mcAATTsuse.de
- fix GSS-API library null pointer dereference
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)

Thu Mar 25 13:00:00 2010 mcAATTsuse.de
- fix kadmind denial of service (bnc#591049)
CVE-2010-0629

Tue Dec 8 13:00:00 2009 mcAATTsuse.de
- fix integer underflow in AES and RC4 decryption
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)

Fri Apr 3 14:00:00 2009 mcAATTsuse.de
- integrate new patches for CVE-2009-0844 and CVE-2009-0845
(bnc#486722)

Thu Mar 19 13:00:00 2009 mcAATTsuse.de
- more Kerberos denial of service issue fixed (bnc#486722)
CVE-2009-0844, CVE-2009-0847
(integrate krb5-1.6-fix-DoS-CVE-2009-0845.dif into
krb5-1.6-MITKRB5-SA-2009-001.dif)
- fix krb5 code exec (bnc#486723)
CVE-2009-0846

Tue Mar 17 13:00:00 2009 mcAATTsuse.de
- fix Kerberos denial of service issue (bnc#485894)
CVE-2009-0845

Wed Jan 14 13:00:00 2009 olhAATTsuse.de
- obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit

Thu Dec 11 13:00:00 2008 mcAATTsuse.de
- do not query IPv6 addresses if no IPv6 address exists on this host
[bnc#449143]

Wed Dec 10 13:00:00 2008 olhAATTsuse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)

Thu Oct 30 13:00:00 2008 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Fri Sep 26 14:00:00 2008 mcAATTsuse.de
- in case we use ldap as database backend, ldap should be
started before krb5kdc

Mon Jul 28 14:00:00 2008 mcAATTsuse.de
- add new fixes to post 1.6.3 patch

* fix mem leak in krb5_gss_accept_sec_context()

* keep minor_status

* kadm5_decrypt_key: A ktype of -1 is documented as meaning
\"to be ignored\"

* Reject socket fds > FD_SETSIZE

Fri Jul 25 14:00:00 2008 mcAATTsuse.de
- add patches from SVN post 1.6.3

* krb5_string_to_keysalts: Fix an infinite loop

* fix some mutex issues

* better recovery from corrupt rcache files

* some more small fixes

Wed Jun 18 14:00:00 2008 mcAATTsuse.de
- add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings

Wed May 14 14:00:00 2008 mcAATTsuse.de
- Fall back to TCP on kdc-unresolvable/unreachable errors.
- restore valid sequence number before generating requests
(fix changing passwords in mixed ipv4/ipv6 enviroments)

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Wed Apr 9 14:00:00 2008 mcAATTsuse.de
- modify krb5-config to not output rpath and cflags in --libs
(bnc#378270)

Fri Mar 14 13:00:00 2008 mcAATTsuse.de
- fix two security bugs:

* MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
fix double free [bnc#361373]

* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
Memory corruption while too many open file descriptors
[bnc#363151]
- change default config file. Comment out the examples.

Fri Dec 14 13:00:00 2007 mcAATTsuse.de
- fix several security bugs:

* CVE-2007-5894 apparent uninit length

* CVE-2007-5902 integer overflow

* CVE-2007-5971 free of non-heap pointer and double-free

* CVE-2007-5972 double fclose()
[#346745, #346748, #346746, #346749, #346747]

Tue Dec 4 13:00:00 2007 mcAATTsuse.de
- improve GSSAPI error messages

Tue Nov 6 13:00:00 2007 mcAATTsuse.de
- add coreutils to PreReq

Tue Oct 23 14:00:00 2007 mcAATTsuse.de
- update to krb5 version 1.6.3

* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow

* fix CVE-2007-4000 modify_policy vulnerability

* Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles

Fri Sep 14 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6.2-post.dif

* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
that the client library will not failover to the next KDC.
[#310540]

Tue Sep 11 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6.2-post.dif

* new -S sname option for kvno

* read_entropy_from_device on partial read will not fill buffer

* Bail out if encoded \"ticket\" doesn\'t decode correctly.

* patch for referrals loop

Thu Sep 6 14:00:00 2007 mcAATTsuse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]

Wed Sep 5 14:00:00 2007 mcAATTsuse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]

Tue Aug 7 14:00:00 2007 mcAATTsuse.de
- add krb5-1.6.2-post.dif

* during the referrals loop, check to see if the
session key enctype of a returned credential for the final
service is among the enctypes explicitly selected by the
application, and retry with old_use_conf_ktypes if it is not.

* If mkstemp() is available, the new ccache file gets created but
the subsequent open(O_CREAT|O_EXCL) call fails because the file
was already created by mkstemp(). Apply patch from Apple to keep
the file descriptor open.

Thu Jul 12 14:00:00 2007 mcAATTsuse.de
- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release

Thu Jul 5 14:00:00 2007 mcAATTsuse.de
- change requires to libcom_err-devel

Mon Jul 2 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6.1-post.dif

* fix leak in krb5_walk_realm_tree

* rd_req_decoded needs to deal with referral realms

* fix buffer overflow in kadmind
(MITKRB5-SA-2007-005 - CVE-2007-2798)
[#278689]

* fix kadmind code execution bug
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
[#271191]

Thu Jun 14 14:00:00 2007 mcAATTsuse.de
- fix unstripped-binary-or-object rpmlint warning

Mon Jun 11 14:00:00 2007 sschoberAATTsuse.de
- fixing rpmlint warnings and errors:

* merged logrotate scripts kadmin and krb5kdc into a single file
krb5-server.

* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.

* added surpression filter for
\"devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so\"
(see [#147912]).

* set default runlevel of init scripts in chkconfig line to 3 and
5

Wed May 9 14:00:00 2007 mcAATTsuse.de
- fix uninitialized salt length
- add extra check for keytab file

Thu May 3 14:00:00 2007 mcAATTsuse.de
- adding krb5-1.6.1-post.dif

* fix segfault in krb5_get_init_creds_password

* remove debug output in ftp client

* profile stores empty string values without double quotes

Mon Apr 23 14:00:00 2007 mcAATTsuse.de
- update to final 1.6.1 version

Wed Apr 18 14:00:00 2007 mcAATTsuse.de
- add plugin directories to main package

Mon Apr 16 14:00:00 2007 mcAATTsuse.de
- update to version 1.6.1 Beta1
- remove obsolete patches
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch

Wed Apr 11 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6-post.dif

* fix kadmind stack overflow in krb5_klog_syslog
(MITKRB5-SA-2007-002 - CVE-2007-0957)
[#253548]

* fix double free attack in the RPC library
(MITKRB5-SA-2007-003 - CVE-2007-1216)
[#252487]

* fix krb5 telnetd login injection
(MIT-SA-2007-001 - CVE-2007-0956)
[#247765]

Thu Mar 29 14:00:00 2007 mcAATTsuse.de
- add ncurses-devel and bison to BuildRequires
- rework some patches

Mon Mar 5 13:00:00 2007 mcAATTsuse.de
- move SuSEFirewall service definitions to
/etc/sysconfig/SuSEfirewall2.d/services

Thu Feb 22 13:00:00 2007 mcAATTsuse.de
- add firewall definition to krb5-server, FATE #300687

Mon Feb 19 13:00:00 2007 mcAATTsuse.de
- update krb5-1.6-post.dif
- move some applications into the right package

Fri Feb 9 13:00:00 2007 mcAATTsuse.de
- update krb5-1.6-post.dif

Mon Jan 29 13:00:00 2007 mcAATTsuse.de
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve

Tue Jan 23 13:00:00 2007 mcAATTsuse.de
- fix \"local variable used before set\" in ftp.c
[#237684]

Mon Jan 22 13:00:00 2007 mcAATTsuse.de
- krb5-devel should require keyutils-devel

Mon Jan 22 13:00:00 2007 mcAATTsuse.de
- update to version 1.6

* Major changes in 1.6 include

* Partial client implementation to handle server name referrals.

* Pre-authentication plug-in framework, donated by Red Hat.

* LDAP KDB plug-in, donated by Novell.
- remove obsolete patches

Wed Jan 10 13:00:00 2007 mcAATTsuse.de
- fix for
kadmind (via RPC library) calls uninitialized function pointer
(CVE-2006-6143)(Bug #225990)
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
kadmind (via GSS-API mechglue) frees uninitialized pointers
(CVE-2006-6144)(Bug #225992)
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif

Tue Jan 2 13:00:00 2007 mcAATTsuse.de
- Fix Requires in krb5-devel
[Bug #231008]

Mon Nov 6 13:00:00 2006 mcAATTsuse.de
- fix \"local variable used before set\" [#217692]
- fix strncat warning

Fri Oct 27 14:00:00 2006 mcAATTsuse.de
- add a default kadm5.dict file
- require $network on daemon start

Wed Sep 13 14:00:00 2006 mcAATTsuse.de
- fix function call with too few arguments [#203837]

Thu Aug 24 14:00:00 2006 mcAATTsuse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream

* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif

* trunk-fix-uninitialized-vars.dif

Fri Aug 11 14:00:00 2006 mcAATTsuse.de
- krb5 setuid return check fixes
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
[#182351]

Mon Aug 7 14:00:00 2006 mcAATTsuse.de
- remove update-messages

Mon Jul 24 14:00:00 2006 mcAATTsuse.de
- add check for krb5_prop in services to kpropd init script.
[#192446]

Mon Jul 3 14:00:00 2006 mcAATTsuse.de
- update to version 1.5

* KDB abstraction layer, donated by Novell.

* plug-in architecture, allowing for extension modules to be
loaded at run-time.

* multi-mechanism GSS-API implementation (\"mechglue\"),
donated by Sun Microsystems

* Simple and Protected GSS-API negotiation mechanism (\"SPNEGO\")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new


 
ICM