SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for krb5-devel-1.8.3-63.1.i586.rpm :
Fri Jun 28 14:00:00 2013 johann.luceAATTwanadoo.fr
- fix a kpasswd UDP ping-pong security bug (CVE-2002-2443) with
CVE-2002-2443.patch

Mon Apr 22 14:00:00 2013 mcAATTsuse.de
- fix prep_reprocess_req NULL pointer deref
CVE-2013-1416 (bnc#816413)
bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif

Fri Mar 22 13:00:00 2013 wrAATTrosenauer.org
- fix PKINIT null pointer deref
CVE-2013-1415 (bnc#806715)
bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif

Wed Aug 1 14:00:00 2012 mcAATTsuse.de
- fix potentially execute code flaws
CVE-2012-1015 (bnc#770172)

Mon Jun 18 14:00:00 2012 mcAATTsuse.de
- fix kadmind denial of service via null pointer dereference
CVE-2012-1013 (bnc#765485)

Mon Oct 17 14:00:00 2011 mcAATTsuse.de
- fix kdc remote denial of service
(MITKRB5-SA-2011-006, bnc#719393)
CVE-2011-1528, CVE-2011-1529

Thu Apr 14 14:00:00 2011 mcAATTsuse.de
- fix kadmind invalid pointer free()
(MITKRB5-SA-2011-004, bnc#687469)
CVE-2011-0285

Mon Mar 14 13:00:00 2011 mcAATTsuse.de
- Fix vulnerability to a double-free condition in KDC daemon
(MITKRB5-SA-2011-003, bnc#671717)
CVE-2011-0284

Wed Jan 19 13:00:00 2011 mcAATTsuse.de
- Fix kpropd denial of service
(MITKRB5-SA-2011-001, bnc#662665)
CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
(MITKRB5-SA-2011-002, bnc#663619)
CVE-2011-0281, CVE-2011-0282

Wed Dec 1 13:00:00 2010 mcAATTsuse.de
- Fix multiple checksum handling vulnerabilities
(MITKRB5-SA-2010-007, bnc#650650)
CVE-2010-1324

* krb5 GSS-API applications may accept unkeyed checksums

* krb5 application services may accept unkeyed PAC checksums

* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
CVE-2010-1323

* krb5 clients may accept unkeyed SAM-2 challenge checksums

* krb5 may accept KRB-SAFE checksums with low-entropy derived keys
CVE-2010-4020

* krb5 may accept authdata checksums with low-entropy derived keys
CVE-2010-4021

* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery

Thu Oct 28 14:00:00 2010 mcAATTsuse.de
- fix csh profile (bnc#649856)

Fri Oct 22 14:00:00 2010 mcAATTsuse.de
- update to krb5-1.8.3

* remove patches which are now upstrem
- krb5-1.7-MITKRB5-SA-2010-004.dif
- krb5-1.8.1-gssapi-error-table.dif
- krb5-MITKRB5-SA-2010-005.dif

Fri Oct 22 14:00:00 2010 mcAATTsuse.de
- change environment variable PATH directly for csh
(bnc#642080)

Mon Sep 27 14:00:00 2010 mcAATTsuse.de
- fix a dereference of an uninitialized pointer while processing
authorization data.
CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)

Mon Jun 21 14:00:00 2010 lchiquittoAATTnovell.com
- add correct error table when initializing gss-krb5 (bnc#606584,
bnc#608295)

Wed May 19 14:00:00 2010 mcAATTsuse.de
- fix GSS-API library null pointer dereference
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)

Wed Apr 14 14:00:00 2010 mcAATTsuse.de
- fix a double free vulnerability in the KDC
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)

Fri Apr 9 14:00:00 2010 mcAATTsuse.de
- update to version 1.8.1

* include krb5-1.8-POST.dif

* include MITKRB5-SA-2010-002

Tue Apr 6 14:00:00 2010 mcAATTsuse.de
- update krb5-1.8-POST.dif

Tue Mar 23 13:00:00 2010 mcAATTsuse.de
- fix a bug where an unauthenticated remote attacker could cause
a GSS-API application including the Kerberos administration
daemon (kadmind) to crash.
CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)

Tue Mar 23 13:00:00 2010 mcAATTsuse.de
- add post 1.8 fixes

* Add IPv6 support to changepw.c

* fix two problems in kadm5_get_principal mask handling

* Ignore improperly encoded signedpath AD elements

* handle NT_SRV_INST in service principal referrals

* dereference options while checking
KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT

* Fix the kpasswd fallback from the ccache principal name

* Document the ticket_lifetime libdefaults setting

* Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512

Thu Mar 4 13:00:00 2010 mcAATTsuse.de
- update to version 1.8

* Increase code quality

* Move toward improved KDB interface

* Investigate and remedy repeatedly-reported performance
bottlenecks.

* Reduce DNS dependence by implementing an interface that allows
client library to track whether a KDC supports service
principal referrals.

* Disable DES by default

* Account lockout for repeated login failures

* Bridge layer to allow Heimdal HDB modules to act as KDB
backend modules

* FAST enhancements

* Microsoft Services for User (S4U) compatibility

* Anonymous PKINIT
- fix KDC denial of service
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl

Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source

Fri Nov 13 13:00:00 2009 mcAATTsuse.de
- enhance \'$PATH\' only if the directories are available
and not empty (bnc#544949)

Sun Jul 12 14:00:00 2009 cooloAATTnovell.com
- readd lost baselibs.conf

Wed Jun 3 14:00:00 2009 mcAATTsuse.de
- update to final 1.7 release

Wed May 13 14:00:00 2009 mcAATTsuse.de
- update to version 1.7 Beta2

* Incremental propagation support for the KDC database.

* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
framework that can protect the AS exchange from dictionary attack.

* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
allows a GSS application to request credential delegation only if
permitted by KDC policy.

* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
various vulnerabilities in SPNEGO and ASN.1 code.


 
ICM