Dear Heimdal Community, A team consisting of staff from Two Sigma Open Source and AuriStor are pleased to announce the release of Heimdal 7.3.
The release download page is: https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0 The source tarball can be downloaded from: https://github.com/heimdal/heimdal/releases/download/heimdal-7.3.0/heimdal-7.3.0.tar.gz https://github.com/heimdal/heimdal/releases/download/heimdal-7.3.0/heimdal-7.3.0.tar.gz.sig SHA256(heimdal-7.3.0.tar.gz)= 351df17c11f723681a4eab832e880af4a28693d1ed6996b02671d676dcb3b7b5 SHA1(heimdal-7.3.0.tar.gz)= e1871eacef5dd8a7ccc10cfc9cc92a7376e27872 The signature key fingerprint is: E659 41B7 1CF3 C459 A34F A89C 45E7 572A 28CD 8CC8 Changes in Heimdal 7.3.0: Security - Fix transit path validation. Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594) For a more complete change history please see: https://github.com/heimdal/heimdal/blob/master/NEWS -- The Heimdal Release Team.