Fedora 20 Update: krb5-1.11.3-38.fc20

updates at fedoraproject.org updates at fedoraproject.org
Tue Jan 7 09:45:14 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-23721
2013-12-21 01:15:36
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 20
Version     : 1.11.3
Release     : 38.fc20
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

--------------------------------------------------------------------------------
Update Information:

This update refreshes backported OTP functionality to more closely match the behavior of the recent 1.12 upstream release.

The main notable change is that in the krb5.conf file, the "secret" configuration setting, which was previously used to hold the secret that is shared between a KDC and a RADIUS server which it uses for checking one-time passwords, is now interpreted as the pathname for a file which contains that secret.

This update also backports a fix to prevent applications which use the krb5_copy_context() function from crashing.

The package also contains backported interoperability, memory management, and error reporting fixes for the SPNEGO GSSAPI mechanism, and a memory leak fix for servers using GSSAPI when they encounter certain errors.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 19 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-38
- pull in fix from master to make reporting of errors encountered by the SPNEGO
  mechanism work better (RT#7045, part of #1043962)
* Thu Dec 19 2013 Nalin Dahyabhai <nalin at redhat.com>
- update a test wrapper to properly handle things that the new libkrad does,
  and add python-pyrad as a build requirement so that we can run its tests
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-37
- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-36
- backport fix to avoid double-freeing in the client when we're configured
  to use a clpreauth module that isn't actually a clpreauth module (#1035203)
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-35
- pull in fix from master to return a NULL pointer rather than allocating
  zero bytes of memory if we read a zero-length input token (RT#7794, part of
  - pull in fix from master to ignore an empty token from an acceptor if
  we've already finished authenticating (RT#7797, part of #1043962)
- pull in fix from master to avoid a memory leak when a mechanism's
  init_sec_context function fails (RT#7803, part of #1043962)
- pull in fix from master to avoid a memory leak in a couple of error
  cases which could occur while obtaining acceptor credentials (RT#7805, part
  of #1043962)
* Tue Dec 17 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-34
- backport additional changes to libkrad to make it function more like
  the version in upstream 1.12, and a few things in the OTP plugin as well
  (most visibly, that the secret that's shared with the RADIUS server is read
  from a file rather than used directly) (#1040056)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1044739 - krb5_copy_context seg faults
        https://bugzilla.redhat.com/show_bug.cgi?id=1044739
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list