krb5-1.6.3-beta2 is available

Tom Yu tlyu at MIT.EDU
Fri Oct 5 17:10:03 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5-1.6.3-beta2 is now available for download from

         http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

         http://web.mit.edu/kerberos/

Please send comments to the krbdev list in the next few weeks.  The
beta period will be somewhat longer than usual due to the
incorporation of PKINIT.

The only significant changes since krb5-1.6.3-beta1 have involved KfW
support and some PKINIT build issues.

Major changes in 1.6.3 include:

    * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
    * fix CVE-2007-4000 modify_policy vulnerability 

The above are two kadmind vulnerabilities described in
MITKRB5-SA-2007-006. CVE-2007-3999 is actually a vulnerability in the
RPC library.

    * Add PKINIT support 

At this point, PKINIT support should be considered to be ALPHA
code. We would greatly appreciate testing and feedback of PKINIT
support.

For a more complete list of changes, please consult

http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.3.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)

-----END PGP SIGNATURE-----



