krb5-1.19.2 and krb5-1.18.4 are released

Greg Hudson ghudson at mit.edu
Mon Jul 26 15:01:04 EDT 2021


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Releases 1.19.2 and 1.18.4.  Please see below for a list of some major
changes included, or consult the README file in the source tree for a
more detailed list of significant changes.

Retrieving krb5-1.19.2 and krb5-1.18.4
======================================

You may retrieve the krb5-1.19.2 and krb5-1.18.4 sources from the
following URL:

        https://kerberos.org/dist/

The homepage for the krb5-1.19.2 and krb5-1.18.4 releases are:

        https://web.mit.edu/kerberos/krb5-1.19/
        https://web.mit.edu/kerberos/krb5-1.18/

Further information about Kerberos 5 may be found at the following
URL:

        https://web.mit.edu/kerberos/


Triple-DES transition
=====================

Beginning with the krb5-1.19 release, a warning will be issued if
initial credentials are acquired using the des3-cbc-sha1 encryption
type.  In future releases, this encryption type will be disabled by
default and eventually removed.

Beginning with the krb5-1.18 release, single-DES encryption types have
been removed.


Major changes in 1.19.2 and 1.18.4 (2021-07-22)
===============================================

These are bug fix releases.

* Fix a denial of service attack against the KDC encrypted challenge
  code [CVE-2021-36222].

* Fix a memory leak when gss_inquire_cred() is called without a
  credential handle.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmD/BgkACgkQDLoIV1+D
ct97ZQ/+LC3g5O11HvP268D0UXG/rKX308J8+AfbSmfQoUkJ/g7FT/ruoV5b9H38
vMZoEeDS0irAl6w4a4Y8HlHJs1McL+5SFo9DG/0dmLt8MVFW5qmDuaiHqkxz1Pzz
n8/54YXDu5/mpVAW5WVyfiMVW5yGx8ty4RnupF9Ko9mv/SbplAL2NwZzweDQUyaH
5F1krQ08fd8AutN+Rl42IwInNOLoiV0+PotQZGPqhJL6OGYyURVUfOb7XexrNFMQ
JwKUOsCyD4SpJ01a7QPl5IKlUzZlomLh+gvZlCIK3Ke9mVpM5DeaGVOmI3F4tHWd
ZFO4g7t6lfnLIqyZO8o2gfCP11G9P7I1OeOPoLBIP0HU2gdMFU/tfq7xqDFPYHAR
Dh3BxBYAKb02LWOY9zZWVEe0GOQ1cano6QYeyYtuVBqJVqqGG0omXdqJsPyFj4BO
HtzRk1PqWRFshAL7ABdmwUYbAg7FXH0tQBte34CzdVQZhOQxBcaSO950K1crn73X
VQh0OUlL9EFG8CJ3Lxck/VUtv4onp+X9mkGFkDd8tTkPhEbhTr7Jx5RZZ/oOvdVn
mAbXBBeLIjqWQfs2MngH9jVytfoG8o5mKA7iQnt68BUL0u0jKPupUTGV4rV0BebB
CwWUyWbIEisuv5rF6aa4CoU2vXcdtnZ12vl89TkwQw3zA+V1vaQ=
=68WE
-----END PGP SIGNATURE-----
_______________________________________________
kerberos-announce mailing list
kerberos-announce at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos-announce


More information about the Kerberos mailing list