krb5-1.5.4 is released

Tom Yu tlyu at MIT.EDU
Tue Jul 10 22:59:54 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.5.4.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.  This is a security fix release.
Note that the krb5-1.5.x release series is in maintenance, meaning
that only critical bugs (including security vulnerabilities) will be
fixed.  Please use a release from the krb5-1.6.x series if possible.

RETRIEVING KERBEROS 5 RELEASE 1.5.4
===================================

You may retrieve the Kerberos 5 Release 1.5.4 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5.4 release is:

        http://web.mit.edu/kerberos/krb5-1.6/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* fix MITKRB5-SA-2007-004: kadmind affected by multiple RPC
  library vulnerabilities [CVE-2007-2442/VU#356961,
  CVE-2007-2443/VU#365313]

* fix MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
  [CVE-2007-2798/VU#554257]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)

iQCVAwUBRpRHtKbDgE/zdoE9AQJvDAP/V2OpphIlAMbv0DIwB/5s9FPzdOBtK117
dRYCXQQJVtFK1Tbe8FS2f3aQGGtVdWca71HQFFDbQOMY/pyv0lu8x6MucBsF/fpA
T1r7ebbinR9lw5bV6fFJGO7wRuTljPNy6j/4xsjceC+vwu9muTCZ6p/8eK6ZuZ+d
z2Zl8IB+/Zg=
=35DZ
-----END PGP SIGNATURE-----



More information about the kerberos-announce mailing list