krb5-1.5.4 is released
Tom Yu
tlyu at MIT.EDU
Tue Jul 10 22:59:54 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.5.4. Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes. This is a security fix release.
Note that the krb5-1.5.x release series is in maintenance, meaning
that only critical bugs (including security vulnerabilities) will be
fixed. Please use a release from the krb5-1.6.x series if possible.
RETRIEVING KERBEROS 5 RELEASE 1.5.4
===================================
You may retrieve the Kerberos 5 Release 1.5.4 source from the
following URL:
http://web.mit.edu/kerberos/dist/
The homepage for the krb5-1.5.4 release is:
http://web.mit.edu/kerberos/krb5-1.6/
Further information about Kerberos 5 may be found at the following
URL:
http://web.mit.edu/kerberos/
MAJOR CHANGES
=============
* fix MITKRB5-SA-2007-004: kadmind affected by multiple RPC
library vulnerabilities [CVE-2007-2442/VU#356961,
CVE-2007-2443/VU#365313]
* fix MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
[CVE-2007-2798/VU#554257]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)
iQCVAwUBRpRHtKbDgE/zdoE9AQJvDAP/V2OpphIlAMbv0DIwB/5s9FPzdOBtK117
dRYCXQQJVtFK1Tbe8FS2f3aQGGtVdWca71HQFFDbQOMY/pyv0lu8x6MucBsF/fpA
T1r7ebbinR9lw5bV6fFJGO7wRuTljPNy6j/4xsjceC+vwu9muTCZ6p/8eK6ZuZ+d
z2Zl8IB+/Zg=
=35DZ
-----END PGP SIGNATURE-----
More information about the kerberos-announce
mailing list