Changelog for krb5-devel-1.10.2-3.20.1.x86_64.rpm :

* Fri Jun 21 2013 mcAATTsuse.de- fix kpasswd UDP ping-pong CVE-2002-2443 (bnc#825985)
* Mon Apr 22 2013 mcAATTsuse.de- fix prep_reprocess_req NULL pointer deref CVE-2013-1416 (bnc#816413) bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif
* Wed Mar 06 2013 mcAATTsuse.de- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() CVE-2012-1016 (bnc#807556) bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
* Mon Mar 04 2013 mcAATTsuse.de- fix PKINIT null pointer deref CVE-2013-1415 (bnc#806715) bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
* Fri Feb 15 2013 mcAATTsuse.de- Fix krb5-send-pr (bnc#794784)
* Wed Aug 01 2012 mcAATTsuse.de- fix potential code execution flaws CVE-2012-1015, CVE-2012-1014 (bnc#770172)
* Wed Jun 13 2012 cooloAATTsuse.com- fix %files section for krb5-mini
* Thu Jun 07 2012 mcAATTsuse.de- fix gcc47 issues
* Wed Jun 06 2012 mcAATTsuse.de- update to version 1.10.2 obsolete patches:
* krb5-1.7-nodeplibs.patch
* krb5-1.9.1-ai_addrconfig.patch
* krb5-1.9.1-ai_addrconfig2.patch
* krb5-1.9.1-sendto_poll.patch
* krb5-1.9-canonicalize-fallback.patch
* krb5-1.9-paren.patch
* krb5-klist_s.patch
* krb5-pkinit-cms2.patch
* krb5-trunk-chpw-err.patch
* krb5-trunk-gss_delete_sec.patch
* krb5-trunk-kadmin-oldproto.patch
* krb5-1.9-MITKRB5-SA-2011-006.dif
* krb5-1.9-gss_display_status-iakerb.patch
* krb5-1.9.1-sendto_poll2.patch
* krb5-1.9.1-sendto_poll3.patch
* krb5-1.9-MITKRB5-SA-2011-007.dif
- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers.
- Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false.
- Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013]
- Fix access controls for KDB string attributes [CVE-2012-1012]
- Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers
- Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time
- Make PKINIT work with FAST in the client library.
- Add the DIR credential cache type, which can hold a collection of credential caches.
- Enhance kinit, klist, and kdestroy to support credential cache collections if the cache type supports it.
- Add the kswitch command, which changes the selected default cache within a collection.
- Add heuristic support for choosing client credentials based on the service realm.
- Add support for $HOME/.k5identity, which allows credential choice based on configured rules.
* Mon Feb 27 2012 stefan.bruensAATTrwth-aachen.de- add autoconf macro to devel subpackage
* Tue Jan 31 2012 meissnerAATTsuse.de- fix license in krb5-mini
* Tue Dec 20 2011 cooloAATTsuse.com- add autoconf as buildrequire to avoid implicit dependency
* Tue Dec 20 2011 cooloAATTsuse.com- remove call to suse_update_config, very old work around
* Mon Nov 21 2011 mcAATTsuse.de- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530
* Mon Nov 21 2011 mcAATTsuse.de- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)
* Fri Nov 18 2011 rhaferAATTsuse.de- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)
* Mon Oct 17 2011 mcAATTsuse.de- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
* Tue Aug 23 2011 mcAATTsuse.de- use --without-pam to build krb5-mini
* Sun Aug 21 2011 mcAATTnovell.com
- add patches from Fedora and upstream
- fix init scripts (bnc#689006)
* Fri Aug 19 2011 mcAATTnovell.com- update to version 1.9.1
* obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif
* replace krb5-1.6.1-compile_pie.dif
* Thu Apr 14 2011 mcAATTsuse.de- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285
* Tue Mar 01 2011 mcAATTsuse.de- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284
* Wed Jan 19 2011 mcAATTsuse.de
- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282
* Wed Dec 01 2010 mcAATTsuse.de- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650)
CVE-2010-1324:
* krb5 GSS-API applications may accept unkeyed checksums
* krb5 application services may accept unkeyed PAC checksums
* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
CVE-2010-1323:
* krb5 clients may accept unkeyed SAM-2 challenge checksums
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys
CVE-2010-4020:
* krb5 may accept authdata checksums with low-entropy derived keys
CVE-2010-4021:
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
* Thu Oct 28 2010 mcAATTsuse.de- fix csh profile (bnc#649856)
* Fri Oct 22 2010 mcAATTsuse.de- update to krb5-1.8.3
* remove patches which are now upstream - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif
* Fri Oct 22 2010 mcAATTsuse.de- change environment variable PATH directly for csh (bnc#642080)
* Mon Sep 27 2010 mcAATTsuse.de- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
* Mon Jun 21 2010 lchiquittoAATTnovell.com- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)
* Wed May 19 2010 mcAATTsuse.de- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
* Wed Apr 14 2010 mcAATTsuse.de- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
* Fri Apr 09 2010 mcAATTsuse.de- update to version 1.8.1
* include krb5-1.8-POST.dif
* include MITKRB5-SA-2010-002
* Tue Apr 06 2010 mcAATTsuse.de- update krb5-1.8-POST.dif
* Tue Mar 23 2010 mcAATTsuse.de- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
* Tue Mar 23 2010 mcAATTsuse.de- add post 1.8 fixes
* Add IPv6 support to changepw.c
* fix two problems in kadm5_get_principal mask handling
* Ignore improperly encoded signedpath AD elements
* handle NT_SRV_INST in service principal referrals
* dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
* Fix the kpasswd fallback from the ccache principal name
* Document the ticket_lifetime libdefaults setting
* Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
* Thu Mar 04 2010 mcAATTsuse.de- update to version 1.8
* Increase code quality
* Move toward improved KDB interface
* Investigate and remedy repeatedly-reported performance bottlenecks.
* Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals.
* Disable DES by default
* Account lockout for repeated login failures
* Bridge layer to allow Heimdal HDB modules to act as KDB backend modules
* FAST enhancements
* Microsoft Services for User (S4U) compatibility
* Anonymous PKINIT
- fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
* Mon Dec 14 2009 jengelhAATTmedozas.de- add baselibs.conf as a source
* Fri Nov 13 2009 mcAATTsuse.de- enhance '$PATH' only if the directories are available and not empty (bnc#544949)
* Sun Jul 12 2009 cooloAATTnovell.com- readd lost baselibs.conf
* Wed Jun 03 2009 mcAATTsuse.de- update to final 1.7 release
* Wed May 13 2009 mcAATTsuse.de- update to version 1.7 Beta2
* Incremental propagation support for the KDC database.
* Flexible Authentication Secure Tunneling (FAST), a preauthentication framework that can protect the AS exchange from dictionary attack.
* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy.
* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code.
 