-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-3477 2012-03-10 00:03:01 --------------------------------------------------------------------------------
Name : krb5 Product : Fedora 16 Version : 1.9.3 Release : 1.fc16 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. -------------------------------------------------------------------------------- Update Information: This update updates the package from version 1.9.2 to 1.9.3, which incorporates the patches for the previously-issued security update and a bug encountered when computing hmac-md5 MAC values with certain cipher types. It also includes fixes for the removal scriptlet for the krb5-workstation subpackage and a fix which once again causes the key version number to be ignored when searching a keytab for a key which can decrypt an AP request, if the specified key version number is 0. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 8 2012 Nalin Dahyabhai <[email protected]> 1.9.3-1 - update to 1.9.3 - drop patch for CVE-2011-1530, incorporated upstream - drop patch for #756139, incorporated into 1.9 as RT#7007 - when removing -workstation, remove our files from the info index while the file is still there, in %preun, rather than %postun, and use the compressed file's name (#801035) * Mon Jan 30 2012 Nalin Dahyabhai <[email protected]> 1.9.2-6 - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) * Tue Dec 13 2011 Nalin Dahyabhai <[email protected]> 1.9.2-5 - backport patch for RT#7046: tag a ccache containing credentials obtained via S4U2Proxy with the principal name of the proxying principal (part of #761317) so that the default principal name can be set to that of the client for which it is proxying, which results in the ccache looking more normal to consumers of the ccache that don't care that there's proxying going on - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached (more of #761317) - backport patch for RT#7048: allow PAC verification to only bother trying to verify the signature with keys that it's given (still more of #761317) * Tue Dec 6 2011 Nalin Dahyabhai <[email protected]> 1.9.2-4 - apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748) * Wed Nov 30 2011 Nalin Dahyabhai <[email protected]> 1.9.2-3 - correct a bug in the fix for #754001 so that the file creation context is consistently reset * Tue Nov 22 2011 Nalin Dahyabhai <[email protected]> 1.9.2-2 - pull patch from trunk so that when computing an HMAC, we don't assume that the HMAC output size is the same as the input key length (RT#6994, #756139) * Tue Nov 15 2011 Nalin Dahyabhai <[email protected]> 1.9.2-1 - update to 1.9.2, incorporating the recent security update and some of the things we were previously backporting, among other fixes * Tue Nov 15 2011 Nalin Dahyabhai <[email protected]> 1.9.1-19 - selinux: reset the creation context properly after expunging replay caches if they were previously set to the default value (#754001) -------------------------------------------------------------------------------- References: [ 1 ] Bug #801035 - rpm -e krb5-workstation have an issue/warning https://bugzilla.redhat.com/show_bug.cgi?id=801035 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update krb5' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
