krb5-1.2.8 is released

Tom Yu tlyu at MIT.EDU
Tue Apr 8 23:32:03 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.2.8.  This release is primarily a security patch release;
other bugfixes and feature requests have not been incorporated.
Please see below for a list of some changes since release 1.2.7, or
consult the README file in the source tree for a more detailed list of
significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.2.8
===================================
You may retrieve the Kerberos 5 Release 1.2.8 source from the
following URL:


	http://web.mit.edu/network/kerberos-form.html

Further information about Kerberos 5 may be found at the following
URL:

	http://web.mit.edu/kerberos/www/index.html

MAJOR CHANGES SINCE RELEASE 1.2.7
=================================

* [1402, 1385, 1395, 1410, 1411] The krb4 protocol vulnerabilities
  [MITKRB5-SA-2003-004] have been worked around.

* [1403, 1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have
  been fixed.

* [1405, 1397] The krb5_principal buffer bounds problems
  [MITKRB5-SA-2003-005] have been fixed.  Thanks to Nalin Dahyabhai.

=========================
Tom Yu
MIT Information Systems
Kerberos Development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard <http://www.gnupg.org/>

iD8DBQE+k5Q2SO8fWy4vZo4RAjFKAJ9OIdDmLT+pF+Gv0TCemFtFgGehXwCbBz5Y
kOcDb8cdmECaNalVQFLOFs8=
=wbnt
-----END PGP SIGNATURE-----



More information about the kerberos-announce mailing list