krb5-1.5.2 is released

Tom Yu tlyu at MIT.EDU
Tue Jan 9 21:11:51 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.5.2.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.5.2
===================================

You may retrieve the Kerberos 5 Release 1.5.2 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5.2 release is:

        http://web.mit.edu/kerberos/krb5-1.5/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* Fix for MITKRB5-SA-2006-002: the RPC library could call an
  uninitialized function pointer, which created a security
  vulnerability for kadmind.

* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail
  to initialize some output pointers, causing callers to attempt to
  free uninitialized pointers.  This caused a security vulnerability
  in kadmind.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)

iQCVAwUBRaRLaqbDgE/zdoE9AQJBiQP6A3JbgQ4GRVbJVR+v4723XsKDp2Lq23OK
KejjfWyWPU28haiXoXIy652gIqDCmLfENVwfuHkmOQ6fiesPWBqUMvUqO+ER3uxz
oTJc1asgQMcpvWlZ1vnmetz077drNr4yhF18lGeV8rb4TXl6U6RUglhrcHyYfgqm
uYPmB8Zl254=
=HKWc
-----END PGP SIGNATURE-----



More information about the kerberos-announce mailing list