MITKRB5-SA-2004-002: double-free vulnerabilities
Mike Friedman
mikef at ack.Berkeley.EDU
Tue Aug 31 16:58:22 EDT 2004
On Tue, 31 Aug 2004 at 14:29 (-0400), Tom Yu wrote:
> + If you are running krb5-1.2 through krb5-1.2.7, and have not
> applied the patches to disable krb4 cross-realm functionality,
> apply 2004-002-patch_1.2.7.txt.
I just downloaded the above patch and the corresponding detached PGP
signature. But the signature doesn't verify! (I tried more than once).
I have no problem getting the 2004-003 patch to verify against its
detached signature.
Is there a problem with the 2004-002 patch?
In both cases, I used 'lynx -source' to download directly from the
specified URLs.
Thanks.
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
More information about the Kerberos
mailing list