krb5-1.8.2-beta1 is available

Tom Yu tlyu at MIT.EDU
Wed Jun 2 08:10:21 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5-1.8.2-beta1 is now available for download from

         http://web.mit.edu/kerberos/dist/testing.html

The main MIT Kerberos web page is

         http://web.mit.edu/kerberos/

This is the code freeze for the krb5-1.8.2 release, which will
probably have a final release early next week.

The README file contains a more extensive list of changes.

The Data Encryption Standard (DES) is widely recognized as weak.  The
krb5-1.7 release contains measures to encourage sites to migrate away
from using single-DES cryptosystems.  Among these is a configuration
variable that enables "weak" enctypes, which now defaults to "false"
beginning with krb5-1.8.  The krb5-1.8 release includes additional
measures to ease the transition away from single-DES.  These
additional measures include:

* enctype config enhancements (so you can do "DEFAULT +des", etc.)
* new API to allow applications (e.g. AFS) to explicitly reenable weak
  crypto
* easier kadmin history key changes

Major changes in 1.8.2
----------------------

This is primarily a bugfix release.

* Fix vulnerabilities:
  ** CVE-2010-1320 KDC double free caused by ticket renewal
     (MITKRB5-SA-2010-004)
  ** CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)

* Allow numeric IPv6 addresses for configuring KDC locations.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)

iEYEARECAAYFAkwGSjMACgkQSO8fWy4vZo6iGwCcC0ITvJFGeu5yTLEpwnZ/Anee
ec0An2e6O2MF4RWw6vMX4Dcl/RFUZ/q/
=TYhk
-----END PGP SIGNATURE-----
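
An added example, not part of the original announcement or of the krb5 distribution: a small audit of a krb5.conf [libdefaults] section that reports where single-DES is still enabled or listed, including the "DEFAULT +des" list syntax mentioned above. The variable names (allow_weak_crypto, default_tkt_enctypes, default_tgs_enctypes, permitted_enctypes) are the krb5.conf settings rather than names given in the announcement, and the sample file and realm are constructed.

```python
import re

# Single-DES enctype names; "des" is the family keyword usable in enctype lists.
DES_FAMILY = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}
SINGLE_DES = DES_FAMILY | {"des-cbc-raw", "des-hmac-sha1"}
ENCTYPE_VARS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

def audit_libdefaults(conf_text):
    """Return (line, variable, message) findings for [libdefaults] settings."""
    findings, section = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "allow_weak_crypto" and value.lower() in TRUE_VALUES:
            findings.append((lineno, key, "weak enctypes enabled"))
        elif key in ENCTYPE_VARS:
            listed = set()
            # Entries apply left to right: "-x" removes, "+x" or a bare name adds.
            for tok in re.split(r"[,\s]+", value.lower()):
                name = tok.lstrip("+-")
                members = DES_FAMILY if name == "des" else {name} & SINGLE_DES
                if tok.startswith("-"):
                    listed -= members
                else:
                    listed |= members
            if listed:
                msg = "single-DES enctypes listed: " + ", ".join(sorted(listed))
                findings.append((lineno, key, msg))
    return findings

# Constructed sample configuration (not taken from any real site).
SAMPLE_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypto = true
    permitted_enctypes = DEFAULT +des -des-cbc-md4
    default_tkt_enctypes = DEFAULT -des
"""

if __name__ == "__main__":
    for finding in audit_libdefaults(SAMPLE_CONF):
        print("line %d: %s: %s" % finding)
```

The audit reports what the file lists; it does not compute the effective enctype set the library would negotiate.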



