Changelog for
krb5-devel-1.8.3-67.1.i586.rpm :
* Fri Nov 08 2013 ckornackerAATTsuse.de- fix Multi-realm KDC null deref CVE-2013-1418 (bnc#849240) + added bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif
* Fri Jun 28 2013 johann.luceAATTwanadoo.fr- fix a kpasswd UDP ping-pong security bug (CVE-2002-2443) with CVE-2002-2443.patch
* Mon Apr 22 2013 mcAATTsuse.de- fix prep_reprocess_req NULL pointer deref CVE-2013-1416 (bnc#816413) bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif
* Fri Mar 22 2013 wrAATTrosenauer.org- fix PKINIT null pointer deref CVE-2013-1415 (bnc#806715) bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
* Wed Aug 01 2012 mcAATTsuse.de- fix potentially execute code flaws CVE-2012-1015 (bnc#770172)
* Mon Jun 18 2012 mcAATTsuse.de- fix kadmind denial of service via null pointer dereference CVE-2012-1013 (bnc#765485)
* Mon Oct 17 2011 mcAATTsuse.de- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1528, CVE-2011-1529
* Thu Apr 14 2011 mcAATTsuse.de- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285
* Mon Mar 14 2011 mcAATTsuse.de- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284
* Wed Jan 19 2011 mcAATTsuse.de- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022- Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282
* Wed Dec 01 2010 mcAATTsuse.de- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324
* krb5 GSS-API applications may accept unkeyed checksums
* krb5 application services may accept unkeyed PAC checksums
* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323
* krb5 clients may accept unkeyed SAM-2 challenge checksums
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020
* krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
* Thu Oct 28 2010 mcAATTsuse.de- fix csh profile (bnc#649856)
* Fri Oct 22 2010 mcAATTsuse.de- update to krb5-1.8.3
* remove patches which are now upstrem - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif
* Fri Oct 22 2010 mcAATTsuse.de- change environment variable PATH directly for csh (bnc#642080)
* Mon Sep 27 2010 mcAATTsuse.de- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
* Mon Jun 21 2010 lchiquittoAATTnovell.com- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)
* Wed May 19 2010 mcAATTsuse.de- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
* Wed Apr 14 2010 mcAATTsuse.de- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
* Fri Apr 09 2010 mcAATTsuse.de- update to version 1.8.1
* include krb5-1.8-POST.dif
* include MITKRB5-SA-2010-002
* Tue Apr 06 2010 mcAATTsuse.de- update krb5-1.8-POST.dif
* Tue Mar 23 2010 mcAATTsuse.de- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
* Tue Mar 23 2010 mcAATTsuse.de- add post 1.8 fixes
* Add IPv6 support to changepw.c
* fix two problems in kadm5_get_principal mask handling
* Ignore improperly encoded signedpath AD elements
* handle NT_SRV_INST in service principal referrals
* dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
* Fix the kpasswd fallback from the ccache principal name
* Document the ticket_lifetime libdefaults setting
* Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
* Thu Mar 04 2010 mcAATTsuse.de- update to version 1.8
* Increase code quality
* Move toward improved KDB interface
* Investigate and remedy repeatedly-reported performance bottlenecks.
* Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals.
* Disable DES by default
* Account lockout for repeated login failures
* Bridge layer to allow Heimdal HDB modules to act as KDB backend modules
* FAST enhancements
* Microsoft Services for User (S4U) compatibility
* Anonymous PKINIT- fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)- fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)- fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
* Mon Dec 14 2009 jengelhAATTmedozas.de- add baselibs.conf as a source
* Fri Nov 13 2009 mcAATTsuse.de- enhance \'$PATH\' only if the directories are available and not empty (bnc#544949)
* Sun Jul 12 2009 cooloAATTnovell.com- readd lost baselibs.conf
* Wed Jun 03 2009 mcAATTsuse.de- update to final 1.7 release
* Wed May 13 2009 mcAATTsuse.de- update to version 1.7 Beta2
* Incremental propagation support for the KDC database.
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack.
* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy.
* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code.