krb5-1.20.1 and krb5-1.19.4 are released

Greg Hudson ghudson at mit.edu
Tue Nov 15 12:04:40 EST 2022


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Releases 1.20.1 and 1.19.4.  Please see below for a list of some major
changes included, or consult the README file in the source tree for a
more detailed list of significant changes.

Retrieving krb5-1.20.1 and krb5-1.19.4
======================================

You may retrieve the krb5-1.20.1 and krb5-1.19.4 sources from the
following URL:

        https://kerberos.org/dist/

The homepages for the krb5-1.20.1 and krb5-1.19.4 releases are:

        https://web.mit.edu/kerberos/krb5-1.20/
        https://web.mit.edu/kerberos/krb5-1.19/

Further information about Kerberos 5 may be found at the following
URL:

        https://web.mit.edu/kerberos/


Triple-DES transition
=====================

Beginning with the krb5-1.19 release, a warning will be issued if
initial credentials are acquired using the des3-cbc-sha1 encryption
type.  In future releases, this encryption type will be disabled by
default and eventually removed.

Beginning with the krb5-1.18 release, single-DES encryption types have
been removed.


Major changes in 1.20.1 and 1.19.4 (2022-11-15)
===============================================

These are bug fix releases.

* Fix integer overflows in PAC parsing [CVE-2022-42898].

* Fix null deref in KDC when decoding invalid NDR.

* Fix memory leak in OTP kdcpreauth module.

* Fix PKCS11 module path search.