Alexander Bokovoy <aboko...@redhat.com> writes: > Details for CVE-2020-17049 are still not public so we can only guess > what is the problem. It also means MIT Kerberos cannot be fixed unless > we'll get to know what is the real problem. > > Robbie, was this raised with the upstream beyond our recent discussion > on #kerberos?
To my knowledge Microsoft has not been in contact with us about this vulnerability. Reporting so far suggests that it's a Microsoft-specific issue - i.e., MIT and other Kerberos implementations are not affected. Affected by the vulnerability, that is. There is of course this known issue with Linux clients; my reading of https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-20h2#1522msgdesc is that they plan to fix this on their side somehow. Thanks, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
