--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-6108
2010-04-09 00:21:47
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 11
Version     : 1.6.3
Release     : 29.fc11
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system, which can
improve your network's security by eliminating the insecure practice of
cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

Sol Jerome noticed that the kadmind server daemon could be made to dereference
freed memory and crash. This update backports the changeset which contains the
fix for this bug (CVE-2010-0629).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 6 2010 Nalin Dahyabhai <[email protected]> - 1.6.3-29
- add backported patch to fix a few use-after-free bugs, including one in
  kadmind (CVE-2010-0629, #576011)
* Mon Mar 8 2010 Nalin Dahyabhai <[email protected]> - 1.6.3-28
- pull up patch to get the client libraries to correctly perform password
  changes over IPv6 (Sumit Bose, RT#6661)
* Wed Mar 3 2010 Nalin Dahyabhai <[email protected]> - 1.6.3-27
- fix a null pointer dereference and crash introduced in our PAM patch that
  would happen if ftpd was given the name of a user who wasn't known to the
  local system, limited to being triggerable by gssapi-authenticated clients
  by the default xinetd config (Olivier Fourdan, #569472)
* Tue Mar 2 2010 Nalin Dahyabhai <[email protected]> - 1.6.3-26
- fix a regression (not labeling a kdb database lock file correctly, #569902)
- add a workaround to build with OpenSSL 1.0, which changed the signature of
  EVP_PKEY_decrypt()
* Fri Jan 22 2010 Nalin Dahyabhai <[email protected]> - 1.6.3-25
- use portreserve correctly -- portrelease takes the basename of the file
  whose entries should be released, so we need three files, not one
* Thu Jan 14 2010 Nalin Dahyabhai <[email protected]> - 1.6.3-24
- use portreserve to make sure the KDC can always bind to the kerberos-iv
  port, kpropd can always bind to the krb5_prop port, and that kadmind can
  always bind to the kerberos-adm port (#555279)
- backport the LSB headers for the init scripts
- make the kpropd init script treat 'reload' as 'restart' (part of #225974)
* Tue Jan 12 2010 Nalin Dahyabhai <[email protected]> - 1.6.3-23
- add upstream patch for integer underflow during AES and RC4 decryption
  (CVE-2009-4212), via Tom Yu (#545015)
* Tue Jun 30 2009 Nalin Dahyabhai <[email protected]>
- pam_rhosts_auth.so's been gone, use pam_rhosts.so instead
* Mon Jun 8 2009 Nalin Dahyabhai <[email protected]> 1.6.3-22
- put %{krb5prefix}/sbin in everyone's path, too (#504525)
* Tue May 26 2009 Nalin Dahyabhai <[email protected]> 1.6.3-21
- don't depend on the execute bit being set on scripts that are sources
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576011 - CVE-2010-0629 krb5: kadmind use-after-free remote crash (MITKRB5-SA-2010-003)
        https://bugzilla.redhat.com/show_bug.cgi?id=576011
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update krb5' at the command line. For more information, refer to
"Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
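A defender's check to go with the fixed package named above, added here as an example and not part of this notification: a Python re-implementation of rpm's version-comparison rules (numeric and alphabetic segments, tilde handling; the caret rule is omitted) that decides whether an installed krb5 version-release string is at or past 1.6.3-29.fc11. The sample inventory values in the block are constructed; the function names and the assumption that the comparison mirrors rpm are mine.

```python
import re

# Fixed Fedora 11 krb5 package named in this notification (version-release).
FIXED_EVR = "1.6.3-29.fc11"
# Segments rpm compares: runs of digits, runs of letters, and the tilde marker.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """Return -1/0/1 like rpm's rpmvercmp (re-implemented here; caret omitted).
    Numeric segments compare as integers, letters lexically, a number beats
    letters, and a tilde sorts before anything, even end of string."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":          # tilde on one side only: that side is older
            if x != y:
                return 1 if y == "~" else -1
            continue
        if x is None or y is None:        # the string that ran out is older
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() or y.isdigit():  # numeric segment is newer than alpha
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return 0

def split_evr(evr: str):
    """Split '[epoch:]version-release' into (int epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def is_fixed(installed: str, fixed: str = FIXED_EVR) -> bool:
    """True when the installed EVR is at or past the fixed one."""
    e1, v1, r1 = split_evr(installed)
    e2, v2, r2 = split_evr(fixed)
    if e1 != e2:
        return e1 > e2
    return (rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) >= 0

if __name__ == "__main__":
    # Constructed sample inventory values, not taken from the notification;
    # on a host the real value comes from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' krb5
    for evr in ["1.6.3-28.fc11", "1.6.3-29.fc11", "1.7-1.fc11"]:
        print(f"krb5-{evr}:", "fixed" if is_fixed(evr) else "affected by CVE-2010-0629")
```

The release tag carries the Fedora version (fc11), so compare only against hosts running Fedora 11; other products ship their own fixed release strings.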
