krb5-1.8.2-beta1 is available
Tom Yu
tlyu at MIT.EDU
Wed Jun 2 08:10:21 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MIT krb5-1.8.2-beta1 is now available for download from
http://web.mit.edu/kerberos/dist/testing.html
The main MIT Kerberos web page is
http://web.mit.edu/kerberos/
This is the code freeze for the krb5-1.8.2 release, which will
probably have a final release early next week.
The README file contains a more extensive list of changes.
The Data Encryption Standard (DES) is widely recognized as weak. The
krb5-1.7 release contains measures to encourage sites to migrate away
- From using single-DES cryptosystems. Among these is a configuration
variable that enables "weak" enctypes, which now defaults to "false"
beginning with krb5-1.8. The krb5-1.8 release includes additional
measures to ease the transition away from single-DES. These
additional measures include:
* enctype config enhancements (so you can do "DEFAULT +des", etc.)
* new API to allow applications (e.g. AFS) to explicitly reenable weak
crypto
* easier kadmin history key changes
Major changes in 1.8.2
- ----------------------
This is primarily a bugfix release.
* Fix vulnerabilities:
** CVE-2010-1320 KDC double free caused by ticket renewal
(MITKRB5-SA-2010-004)
** CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
* Allow numeric IPv6 addresses for configuring KDC locations.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAkwGSjMACgkQSO8fWy4vZo6iGwCcC0ITvJFGeu5yTLEpwnZ/Anee
ec0An2e6O2MF4RWw6vMX4Dcl/RFUZ/q/
=TYhk
-----END PGP SIGNATURE-----
More information about the krbdev
mailing list