-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2007-4100 2008-02-13 04:25:18 --------------------------------------------------------------------------------
Name : krb5 Product : Fedora 7 Version : 1.6.1 Release : 6.fc7 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. -------------------------------------------------------------------------------- Update Information: This update corrects a syntax error in the kadmind init script and fixes a couple of bugs which could cause credential delegation to appear to fail when it hadn't, and which made it difficult to use delegated Kerberos credentials when SPNEGO was used. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 16 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-6 - backport a fix to make handling of returned flags during spnego credential delegation more forgiving of apps which don't care about flags but still want a delegated credential handle (#314651, RT#5802) - fix retrieval of krb5 credentials from an spnego delegated handle (#319351, RT#5807) * Mon Sep 17 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-5 - fix incorrect call to "test" in the kadmin init script (Fran Taylor, #287291) * Thu Sep 6 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-4 - incorporate updated fix for CVE-2007-3999 (CVE-2007-4743) * Tue Sep 4 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-3 - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000) * Wed Jun 27 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-2.1 - incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443) and MITKRB5-SA-2007-005 (CVE-2007-2798) * Wed Jun 27 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> - preprocess kerberos.ldif into a format FDS will like better, and include that as a doc file as well (from 1.6.1-4) - drop old, incomplete SELinux patch (from 1.6.1-4) - add patch from Greg Hudson to make srvtab routines report missing-file errors at same point that "file" keytab routines do (from 1.6.1-4, #241805) * Wed Jun 27 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-2.0 - pull up from devel HEAD's 1.6.1-2 * Thu May 24 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-2 - pull patch from svn to undo unintentional chattiness in ftp - pull patch from svn to handle NULL krb5_get_init_creds_opt structures better in a couple of places where they're expected * Wed May 23 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> 1.6.1-1 - update to 1.6.1 - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216 - drop patch for sendto bug in 1.6, fixed in 1.6.1 * Fri May 18 2007 Nalin Dahyabhai <[EMAIL PROTECTED]> - kadmind.init: don't fail outright if the default principal database isn't there if it looks like we might be using the kldap plugin - kadmind.init: attempt to extract the key for the host-specific kadmin service when we try to create the keytab -------------------------------------------------------------------------------- References: [ 1 ] Bug #287291 - kadmin doesn't start when LDAP backend is used https://bugzilla.redhat.com/show_bug.cgi?id=287291 [ 2 ] Bug #252322 - /etc/init.d/kadmin: line 35: [: too many arguments https://bugzilla.redhat.com/show_bug.cgi?id=252322 [ 3 ] Bug #319351 - gss_krb5_copy_ccache can't find delegated Kerberos creds when using SPNEGO https://bugzilla.redhat.com/show_bug.cgi?id=319351 [ 4 ] Bug #314651 - gss_init_sec_context() mechglue wrapper doesn't handle ret_flags right https://bugzilla.redhat.com/show_bug.cgi?id=314651 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update krb5' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce