Name : krb5 Product : Fedora 17 Version : 1.10.2 Release : 12.fc17 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form.
------------------------------------------------------------------------------- - Update Information:
This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443). ------------------------------------------------------------------------------- - ChangeLog:
* Mon May 13 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-12 - pull up fix for UDP ping-pong flaw in kpasswd service (CVE-2002-2443, * Mon Apr 15 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-11 - pull fix for keeping track of the message type when parsing FAST requests in the KDC (RT#7605, #951964) * Tue Apr 9 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-10 - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests (CVE-2013-1416, #949984/#949987) * Tue Mar 5 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-9 - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917841, CVE-2012-1016) * Thu Feb 28 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-8 - fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110) * Mon Feb 25 2013 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-7 - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #914756) * Tue Jul 31 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-6 - go back to not messing with library file paths on Fedora 17: it breaks file path dependencies in other packages, and since Fedora 17 is already released, breaking that is our fault * Tue Jul 31 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-5 - add upstream patch to fix freeing an uninitialized pointer and dereferencing another uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1014 and CVE-2012-1015, #844779 and #844777) - fix a thinko in whether or not we mess around with devel .so symlinks on systems without a separate /usr (sbose) * Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jun 22 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-3 - backport a fix to allow a PKINIT client to handle SignedData from a KDC that's signed with a certificate that isn't in the SignedData, but which is available as an anchor or intermediate on the client (RT#7183) * Tue Jun 5 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-2 - back out this labeling change (dwalsh): - when building the new label for a file we're about to create, also mix in the current range, in addition to the current user * Fri Jun 1 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-1 - update to 1.10.2 - when building the new label for a file we're about to create, also mix in the current range, in addition to the current user - also package the PDF format admin, user, and install guides - drop some PDFs that no longer get built right - add a backport of Stef's patch to set the client's list of supported enctypes to match the types of keys that we have when we are using a keytab to try to get initial credentials, so that a KDC won't send us an AS reply that we can't encrypt (RT#2131, #748528) - don't shuffle around any shared libraries on releases with no-separate-/usr, since /usr/lib is the same place as /lib - add explicit buildrequires: on 'hostname', for the tests, on systems where it's in its own package, and require net-tools, which used to provide the command, everywhere * Mon May 7 2012 Nalin Dahyabhai <nalin@redhat.com> - skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part of #819115) * Tue May 1 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.1-3 - have -server require /usr/share/dict/words, which we set as the default dict_file in kdc.conf (#817089) * Tue Mar 20 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.1-2 - change back dns_lookup_kdc to the default setting (Stef Walter, #805318) - comment out example.com examples in default krb5.conf (Stef Walter, #805320) * Fri Mar 9 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.1-1 - update to 1.10.1 - drop the KDC crash fix - drop the KDC lookaside cache fix - drop the fix for kadmind RPC ACLs (CVE-2012-1012) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #962531 - CVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd https://bugzilla.redhat.com/show_bug.cgi?id=962531 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update krb5' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|