Fedora 13 Update: krb5-1.7.1-13.fc13

updates at fedoraproject.org updates at fedoraproject.org
Sat Sep 11 09:08:27 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-13541
2010-08-26 00:26:11
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 13
Version     : 1.7.1
Release     : 13.fc13
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

A bug in the LDAP kdb backend module caused key expiration times to be computed
incorrectly in some cases, and the ksu application incorrectly performed PAM
account and session management as the invoking user rather than as root.  This
update corrects these bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 25 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-13
- adjust the last patch to apply properly to 1.7.1
* Tue Aug 24 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-12
- fix a logic bug in computing key expiration times (RT#6762, #627022)
* Mon Jun 21 2010 Nalin Dahyabhai <nalin at redhat.com>
- pull up fix for upstream #6745, in which the gssapi library would add the
  wrong error table but subsequently attempt to unload the right one
* Wed Jun  9 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.7.1-11
- use the "pathmunge" function to add %{krb5prefix}/bin to $PATH rather
  than doing it the harder way ourselves (part of #544652)
* Thu May 27 2010 Nalin Dahyabhai <nalin at redhat.com>
- ksu: move session management calls to before we drop privileges, like
  su does (#596887), and don't skip the PAM account check for root or the
  same user (more of #540769)
* Tue May 18 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-10
- add patch to correct GSSAPI library null pointer dereference which could be
  triggered by malformed client requests (CVE-2010-1321, #582466)
* Tue May  4 2010 Nalin Dahyabhai <nalin at redhat.com> 1.7.1-9
- fix output of kprop's init script's "status" and "reload" commands (#588222)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #627022 - Incorrect handling of password expiration
        https://bugzilla.redhat.com/show_bug.cgi?id=627022
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list