Dear Heimdal Community,
A team consisting of staff from Two Sigma Open Source and AuriStor are
pleased to announce the release of Heimdal 7.5.
The release download page is:
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.5.0
The source tarball can be downloaded from:
https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz
https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz.sig
SHA256(heimdal-7.5.0.tar.gz)=
c5a2a0030fcc728022fa2332bad85569084d1c3b9a59587b7ebe141b0532acad
SHA1(heimdal-7.5.0.tar.gz)= 6c891e7ac0c39de10f894a1680a52fb219453e2f
The signature key fingerprint is: E659 41B7 1CF3 C459 A34F A89C 45E7 572A 28CD
8CC8
Changes in Heimdal 7.5:
Security
- Fix CVE-2017-17439, which is a remote denial of service
vulnerability:
In Heimdal 7.1 through 7.4, remote unauthenticated attackers
are able to crash the KDC by sending a crafted request
containing empty data fields for client name or realm.
Bug fixes
- Handle long input lines when reloading database dumps.
- In pre-forked mode (default on Unix), correctly clear the
process ids of exited children, allowing new child processes
to replace the old.
- Fixed incorrect KDC response when no-cross realm TGT exists,
allowing client requests to fail quickly rather than time
out after trying to get a correct answer from each KDC.
--
The Heimdal Release Team.
