| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: krb5-client | Distribution: openSUSE 11.2 |
| Version: 1.7 | Vendor: openSUSE |
| Release: 6.12.1 | Build date: Wed Mar 16 16:11:15 2011 |
| Group: Productivity/Networking/Security | Build host: build17 |
| Size: 168198 | Source RPM: krb5-1.7-6.12.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://web.mit.edu/kerberos/www/ | |
| Summary: MIT Kerberos5 implementation - client programs | |
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
MIT License (or similar)
* Tue Mar 01 2011 mc@suse.de
- Fix vulnerability to a double-free condition in KDC daemon
(MITKRB5-SA-2011-003, bnc#671717)
CVE-2011-0284
* Wed Jan 19 2011 mc@suse.de
- Fix kpropd denial of service
(MITKRB5-SA-2011-001, bnc#662665)
CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
(MITKRB5-SA-2011-002, bnc#663619)
CVE-2011-0281, CVE-2011-0282
* Sun Nov 07 2010 mc@suse.de
- Fix multiple checksum handling vulnerabilities
(MITKRB5-SA-2010-007, bnc#650650)
CVE-2010-1324
* krb5 GSS-API applications may accept unkeyed checksums
* krb5 application services may accept unkeyed PAC checksums
* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
CVE-2010-1323
* krb5 clients may accept unkeyed SAM-2 challenge checksums
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys
CVE-2010-4021
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
- add correct error table when initializing gss-krb5 (bnc#606584,
bnc#608295)
* Fri Apr 23 2010 mc@suse.de
- fix GSS-API library null pointer dereference
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
* Wed Apr 14 2010 mc@suse.de
- fix a double free vulnerability in the KDC
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
* Mon Mar 01 2010 mc@suse.de
- fix a bug where an unauthenticated remote attacker could cause
a GSS-API application including the Kerberos administration
daemon (kadmind) to crash.
CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
* Thu Jan 21 2010 mc@suse.de
- fix KDC denial of service
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
* Tue Dec 08 2009 mc@suse.de
- fix KDC denial of service in cross-realm referral processing
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
* Sun Jul 12 2009 coolo@novell.com
- readd lost baselibs.conf
* Wed Jun 03 2009 mc@suse.de
- update to final 1.7 release
* Wed May 13 2009 mc@suse.de
- update to version 1.7 Beta2
* Incremental propagation support for the KDC database.
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
framework that can protect the AS exchange from dictionary attack.
* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
allows a GSS application to request credential delegation only if
permitted by KDC policy.
* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
various vulnerabilities in SPNEGO and ASN.1 code.
* Mon Feb 16 2009 mc@suse.de
- update to pre 1.7 version
* Remove support for version 4 of the Kerberos protocol (krb4).
* New libdefaults configuration variable "allow_weak_crypto".
* Client library now follows client principal referrals, for
compatibility with Windows.
* KDC can issue realm referrals for service principals based on domain
names.
* Encryption algorithm negotiation (RFC 4537).
* In the replay cache, use a hash over the complete ciphertext to
avoid false-positive replay indications.
* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
similar to the equivalent SSPI functionality.
* DCE RPC, including three-leg GSS context setup and unencapsulated
GSS tokens.
* NTLM recognition support in GSS-API, to facilitate dropping in an
NTLM implementation.
* KDC support for principal aliases, if the back end supports them.
* Microsoft set/change password (RFC 3244) protocol in kadmind.
* Master key rollover support.
* Wed Jan 14 2009 olh@suse.de
- obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit
* Thu Dec 11 2008 mc@suse.de
- do not query IPv6 addresses if no IPv6 address exists on this host
[bnc#449143]
* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Fri Sep 26 2008 mc@suse.de
- in case we use ldap as database backend, ldap should be
started before krb5kdc
* Mon Jul 28 2008 mc@suse.de
- add new fixes to post 1.6.3 patch
* fix mem leak in krb5_gss_accept_sec_context()
* keep minor_status
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
"to be ignored"
* Reject socket fds > FD_SETSIZE
* Fri Jul 25 2008 mc@suse.de
- add patches from SVN post 1.6.3
* krb5_string_to_keysalts: Fix an infinite loop
* fix some mutex issues
* better recovery from corrupt rcache files
* some more small fixes
* Wed Jun 18 2008 mc@suse.de
- add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings
* Wed May 14 2008 mc@suse.de
- Fall back to TCP on kdc-unresolvable/unreachable errors.
- restore valid sequence number before generating requests
(fix changing passwords in mixed ipv4/ipv6 enviroments)
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Wed Apr 09 2008 mc@suse.de
- modify krb5-config to not output rpath and cflags in --libs
(bnc#378270)
* Fri Mar 14 2008 mc@suse.de
- fix two security bugs:
* MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
fix double free [bnc#361373]
* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
Memory corruption while too many open file descriptors
[bnc#363151]
- change default config file. Comment out the examples.
* Fri Dec 14 2007 mc@suse.de
- fix several security bugs:
* CVE-2007-5894 apparent uninit length
* CVE-2007-5902 integer overflow
* CVE-2007-5971 free of non-heap pointer and double-free
* CVE-2007-5972 double fclose()
[#346745, #346748, #346746, #346749, #346747]
* Tue Dec 04 2007 mc@suse.de
- improve GSSAPI error messages
* Tue Nov 06 2007 mc@suse.de
- add coreutils to PreReq
* Tue Oct 23 2007 mc@suse.de
- update to krb5 version 1.6.3
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
* fix CVE-2007-4000 modify_policy vulnerability
* Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles
* Fri Sep 14 2007 mc@suse.de
- update krb5-1.6.2-post.dif
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
that the client library will not failover to the next KDC.
[#310540]
* Tue Sep 11 2007 mc@suse.de
- update krb5-1.6.2-post.dif
* new -S sname option for kvno
* read_entropy_from_device on partial read will not fill buffer
* Bail out if encoded "ticket" doesn't decode correctly.
* patch for referrals loop
* Thu Sep 06 2007 mc@suse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]
* Wed Sep 05 2007 mc@suse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]
* Tue Aug 07 2007 mc@suse.de
- add krb5-1.6.2-post.dif
* during the referrals loop, check to see if the
session key enctype of a returned credential for the final
service is among the enctypes explicitly selected by the
application, and retry with old_use_conf_ktypes if it is not.
* If mkstemp() is available, the new ccache file gets created but
the subsequent open(O_CREAT|O_EXCL) call fails because the file
was already created by mkstemp(). Apply patch from Apple to keep
the file descriptor open.
* Thu Jul 12 2007 mc@suse.de
- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release
* Thu Jul 05 2007 mc@suse.de
- change requires to libcom_err-devel
* Mon Jul 02 2007 mc@suse.de
- update krb5-1.6.1-post.dif
* fix leak in krb5_walk_realm_tree
* rd_req_decoded needs to deal with referral realms
* fix buffer overflow in kadmind
(MITKRB5-SA-2007-005 - CVE-2007-2798)
[#278689]
* fix kadmind code execution bug
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
[#271191]
* Thu Jun 14 2007 mc@suse.de
- fix unstripped-binary-or-object rpmlint warning
* Mon Jun 11 2007 sschober@suse.de
- fixing rpmlint warnings and errors:
* merged logrotate scripts kadmin and krb5kdc into a single file
krb5-server.
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
* added surpression filter for
"devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
(see [#147912]).
* set default runlevel of init scripts in chkconfig line to 3 and
5
* Wed May 09 2007 mc@suse.de
- fix uninitialized salt length
- add extra check for keytab file
* Thu May 03 2007 mc@suse.de
- adding krb5-1.6.1-post.dif
* fix segfault in krb5_get_init_creds_password
* remove debug output in ftp client
* profile stores empty string values without double quotes
* Mon Apr 23 2007 mc@suse.de
- update to final 1.6.1 version
* Wed Apr 18 2007 mc@suse.de
- add plugin directories to main package
* Mon Apr 16 2007 mc@suse.de
- update to version 1.6.1 Beta1
- remove obsolete patches
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch
* Wed Apr 11 2007 mc@suse.de
- update krb5-1.6-post.dif
* fix kadmind stack overflow in krb5_klog_syslog
(MITKRB5-SA-2007-002 - CVE-2007-0957)
[#253548]
* fix double free attack in the RPC library
(MITKRB5-SA-2007-003 - CVE-2007-1216)
[#252487]
* fix krb5 telnetd login injection
(MIT-SA-2007-001 - CVE-2007-0956)
[#247765]
* Thu Mar 29 2007 mc@suse.de
- add ncurses-devel and bison to BuildRequires
- rework some patches
* Mon Mar 05 2007 mc@suse.de
- move SuSEFirewall service definitions to
/etc/sysconfig/SuSEfirewall2.d/services
* Thu Feb 22 2007 mc@suse.de
- add firewall definition to krb5-server, FATE #300687
* Mon Feb 19 2007 mc@suse.de
- update krb5-1.6-post.dif
- move some applications into the right package
* Fri Feb 09 2007 mc@suse.de
- update krb5-1.6-post.dif
* Mon Jan 29 2007 mc@suse.de
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
* Tue Jan 23 2007 mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
* Mon Jan 22 2007 mc@suse.de
- krb5-devel should require keyutils-devel
* Mon Jan 22 2007 mc@suse.de
- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
- remove obsolete patches
* Wed Jan 10 2007 mc@suse.de
- fix for
kadmind (via RPC library) calls uninitialized function pointer
(CVE-2006-6143)(Bug #225990)
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
kadmind (via GSS-API mechglue) frees uninitialized pointers
(CVE-2006-6144)(Bug #225992)
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
* Tue Jan 02 2007 mc@suse.de
- Fix Requires in krb5-devel
[Bug #231008]
* Mon Nov 06 2006 mc@suse.de
- fix "local variable used before set" [#217692]
- fix strncat warning
* Fri Oct 27 2006 mc@suse.de
- add a default kadm5.dict file
- require $network on daemon start
* Wed Sep 13 2006 mc@suse.de
- fix function call with too few arguments [#203837]
* Thu Aug 24 2006 mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
* Fri Aug 11 2006 mc@suse.de
- krb5 setuid return check fixes
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
[#182351]
* Mon Aug 07 2006 mc@suse.de
- remove update-messages
* Mon Jul 24 2006 mc@suse.de
- add check for krb5_prop in services to kpropd init script.
[#192446]
* Mon Jul 03 2006 mc@suse.de
- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be
loaded at run-time.
* multi-mechanism GSS-API implementation ("mechglue"),
donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new
/usr/bin/kinit /usr/bin/klist /usr/lib/mit /usr/lib/mit/bin /usr/lib/mit/bin/k5srvutil /usr/lib/mit/bin/kadmin /usr/lib/mit/bin/kdestroy /usr/lib/mit/bin/kinit /usr/lib/mit/bin/klist /usr/lib/mit/bin/kpasswd /usr/lib/mit/bin/ktutil /usr/lib/mit/bin/kvno /usr/lib/mit/sbin /usr/share/man/man1/k5srvutil.1.gz /usr/share/man/man1/kadmin.1.gz /usr/share/man/man1/kdestroy.1.gz /usr/share/man/man1/kerberos.1.gz /usr/share/man/man1/kinit.1.gz /usr/share/man/man1/klist.1.gz /usr/share/man/man1/kpasswd.1.gz /usr/share/man/man1/ktutil.1.gz /usr/share/man/man1/kvno.1.gz /usr/share/man/man5/.k5login.5.gz /usr/share/man/man5/krb5.conf.5.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Jun 10 05:29:09 2013