Dear Heimdal Community,

A team consisting of staff from Two Sigma Open Source and AuriStor are pleased to announce the release of Heimdal 7.5.

The release download page is:

  https://github.com/heimdal/heimdal/releases/tag/heimdal-7.5.0

The source tarball can be downloaded from:

  https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz
  https://github.com/heimdal/heimdal/releases/download/heimdal-7.5.0/heimdal-7.5.0.tar.gz.sig

  SHA256(heimdal-7.5.0.tar.gz)= c5a2a0030fcc728022fa2332bad85569084d1c3b9a59587b7ebe141b0532acad
  SHA1(heimdal-7.5.0.tar.gz)= 6c891e7ac0c39de10f894a1680a52fb219453e2f

The signature key fingerprint is:

  E659 41B7 1CF3 C459 A34F A89C 45E7 572A 28CD 8CC8

Changes in Heimdal 7.5:

 Security

 - Fix CVE-2017-17439, which is a remote denial of service vulnerability:
   In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted request containing empty data fields for client name or realm.

 Bug fixes

 - Handle long input lines when reloading database dumps.

 - In pre-forked mode (default on Unix), correctly clear the process ids of exited children, allowing new child processes to replace the old.

 - Fixed incorrect KDC response when no cross-realm TGT exists, allowing client requests to fail quickly rather than time out after trying to get a correct answer from each KDC.

-- The Heimdal Release Team.