-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-f3046b6bfb 2020-01-04 20:32:10.353770 --------------------------------------------------------------------------------
Name : heimdal Product : Fedora 31 Version : 7.7.0 Release : 2.fc31 URL : http://www.heimdal.software/ Summary : A Kerberos 5 implementation without export restrictions Description : Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec (rfc1510 and successors) including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center server and support for ticket delegation (S4U2Self, S4U2Proxy). This package can coexist with MIT Kerberos 5 packages. Hesiod is disabled by default since it is deemed too big a security risk by the packager.
-------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2019-12098 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 21 2019 Alexander Bostr��m abo@root.snowtree.se - 7.7.0-2 - Set timeout on make check * Fri Dec 20 2019 Alexander Bostr��m abo@root.snowtree.se - 7.7.0-1 - Update to 7.7.0 - Remove upstreamed patch - New project URL - Update buildreqs - Add locale build fix -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1710841 - CVE-2019-12098 heimdal: man-in-the-middle attack in function krb5_init_creds_step in lib/krb5/init_creds_pw.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1710841 [ 2 ] Bug #1710125 - heimdal-7.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1710125 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-f3046b6bfb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------