Fedora 7 Update: krb5-1.6.1-6.fc7

updates at fedoraproject.org updates at fedoraproject.org
Wed Feb 13 05:15:32 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4100
2008-02-13 04:25:18
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 7
Version     : 1.6.1
Release     : 6.fc7
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update corrects a syntax error in the kadmind init script and fixes a
couple of bugs which could cause credential delegation to appear to fail when it
hadn't, and which made it difficult to use delegated Kerberos credentials when
SPNEGO was used.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 16 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-6
- backport a fix to make handling of returned flags during spnego credential
  delegation more forgiving of apps which don't care about flags but still
  want a delegated credential handle (#314651, RT#5802)
- fix retrieval of krb5 credentials from an spnego delegated handle (#319351,
  RT#5807)
* Mon Sep 17 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-5
- fix incorrect call to "test" in the kadmin init script (Fran Taylor, #287291)
* Thu Sep  6 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-4
- incorporate updated fix for CVE-2007-3999 (CVE-2007-4743)
* Tue Sep  4 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-3
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2.1
- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
  and MITKRB5-SA-2007-005 (CVE-2007-2798)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com>
- preprocess kerberos.ldif into a format FDS will like better, and include
  that as a doc file as well (from 1.6.1-4)
- drop old, incomplete SELinux patch (from 1.6.1-4)
- add patch from Greg Hudson to make srvtab routines report missing-file errors
  at same point that "file" keytab routines do (from 1.6.1-4, #241805)
* Wed Jun 27 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2.0
- pull up from devel HEAD's 1.6.1-2
* Thu May 24 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-2
- pull patch from svn to undo unintentional chattiness in ftp
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
  better in a couple of places where they're expected
* Wed May 23 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.1-1
- update to 1.6.1
  - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216
  - drop patch for sendto bug in 1.6, fixed in 1.6.1
* Fri May 18 2007 Nalin Dahyabhai <nalin at redhat.com>
- kadmind.init: don't fail outright if the default principal database
  isn't there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
  service when we try to create the keytab
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #287291 - kadmin doesn't start when LDAP backend is used
        https://bugzilla.redhat.com/show_bug.cgi?id=287291
  [ 2 ] Bug #252322 - /etc/init.d/kadmin: line 35: [: too many arguments
        https://bugzilla.redhat.com/show_bug.cgi?id=252322
  [ 3 ] Bug #319351 - gss_krb5_copy_ccache can't find delegated Kerberos creds when using SPNEGO
        https://bugzilla.redhat.com/show_bug.cgi?id=319351
  [ 4 ] Bug #314651 - gss_init_sec_context() mechglue wrapper doesn't handle ret_flags right
        https://bugzilla.redhat.com/show_bug.cgi?id=314651
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list