krb5-1.6.3-beta1 is available
Tom Yu
tlyu at MIT.EDU
Wed Sep 19 20:31:09 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MIT krb5-1.6.3-beta1 is now available for download from
http://web.mit.edu/kerberos/dist/
The main MIT Kerberos web page is
http://web.mit.edu/kerberos/
Please send comments to the krbdev list in the next few weeks. The
beta period will be somewhat longer than usual due to the
incorporation of PKINIT. Major changes in krb5-1.6.3 include:
Major changes in 1.6.3 include
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
* fix CVE-2007-4000 modify_policy vulnerability
The above are two kadmind vulnerabilities described in
MITKRB5-SA-2007-006. CVE-2007-3999 is actually a vulnerability in the
RPC library.
* Add PKINIT support
At this point, PKINIT support should be considered to be ALPHA
code. We would greatly appreciate testing and feedback of PKINIT
support.
For a more complete list of changes, please consult
http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.3.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)
iQCVAwUBRvG/UKbDgE/zdoE9AQKIWwP/YNVXLRmRbSoWbQRvAr27LhP/O2VfQtSe
HJqegjWupE+t2xrNDNSPCzDKBPEijRpuqiuiQifls+emtzuPomJoRFezoKmM9VgH
lCX0gU+fVbh3AW37IhF+lKbpZdaVhWGSsIiPwIyxRqnVNzHVMFIatNLfIrZO3xOM
upTP0wteJ0s=
=rPbE
-----END PGP SIGNATURE-----
More information about the krbdev
mailing list