krb5-1.9.1-beta1 is available

Tom Yu tlyu at MIT.EDU
Mon Apr 25 16:38:01 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5-1.9.1-beta1 is now available for download from

         http://web.mit.edu/kerberos/dist/testing.html

The main MIT Kerberos web page is

         http://web.mit.edu/kerberos/

Please send comments to the krbdev list.  The final release will
probably occur in early May.  The README file contains a more
extensive list of changes.

Major changes in 1.9.1
- ----------------------

This is primarily a bugfix release.

* Fix vulnerabilities:
  ** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
  ** KDC denial of service attacks [MITKRB5-SA-2011-002
     CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
  ** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
     CVE-2011-0284]
  ** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]

* Interoperability:

  ** Don't reject AP-REQ messages if their PAC doesn't validate;
     suppress the PAC instead.

  ** Correctly validate HMAC-MD5 checksums that use DES keys
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)

iEYEARECAAYFAk21260ACgkQSO8fWy4vZo5QCQCfbkfkNa5E+lIxAa9zrY0JJiIu
5owAoM1syBte2aeCIzKTkPCEsNFZu6U2
=V7Ha
-----END PGP SIGNATURE-----


