Fedora 14 Update: krb5-1.8.4-2.fc14

updates at fedoraproject.org
Wed Jul 6 21:34:34 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8717
2011-06-25 19:40:00
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 14
Version     : 1.8.4
Release     : 2.fc14
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update bumps us to 1.8.4, which rolls up a number of patches which we'd previously been carrying.

Additionally, the update now ensures that the proper SELinux file context is applied to replay caches when expired entries are expunged from them, and fixes a potential crash in "klist".
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 24 2011 Nalin Dahyabhai <nalin at redhat.com> 1.8.4-2
- incorporate a fix to teach the file labeling patch about when replay caches
  are expunged (#576093)
- switch to the upstream patch for #707145
* Thu Jun 23 2011 Nalin Dahyabhai <nalin at redhat.com>
- drop not-needed-since-1.8 build dependency on rsh (ssorce)
* Thu Jun 23 2011 Nalin Dahyabhai <nalin at redhat.com> 1.8.4-1
- update to 1.8.4
  - drop obsolete patch for upstream #6745
  - drop obsolete patch for upstream #6739, to stop returning context-expired
    errors when the ticket which was used to set up the context expires
  - drop obsolete patch for upstream #6745, to fix KDC parsing of the -P option
  - drop obsolete patch for CVE-2010-1322
  - drop obsolete prerequisite patch for MITKRB5-SA-2010-007
  - drop obsolete patch for MITKRB5-SA-2010-007
  - drop obsolete patch for MITKRB5-SA-2011-001
  - drop obsolete patch for MITKRB5-SA-2011-002
  - drop obsolete patch for MITKRB5-SA-2011-003
  - drop obsolete patch for MITKRB5-SA-2011-004
  - no more need to munge the kdb ldif to fix upstream #6701
* Wed May 25 2011 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-11
- klist: don't trip over referral entries when invoked with -s (#707145,
  RT#6915)
* Wed Apr 13 2011 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-10
- kadmind: add upstream patch to fix free() on an invalid pointer (#696343,
  MITKRB5-SA-2011-004, CVE-2011-0285)
* Fri Mar 18 2011 Nalin Dahyabhai <nalin at redhat.com>
- backport change from SVN to fix a computed-value-not-used warning in
  kpropd (#684065)
* Tue Mar 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-9
- add revised upstream patch to fix double-free in KDC while returning
  typed-data with errors (CVE-2011-0284, #674325)
* Tue Feb  8 2011 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-8
- add upstream patches to fix standalone kpropd exiting if the per-client
  child process exits with an error (MITKRB5-SA-2011-001), and a hang or
  crash in the KDC when using the LDAP kdb backend (MITKRB5-SA-2011-002)
  (CVE-2010-4022, #664009, CVE-2011-0281, #668719, CVE-2011-0282, #668726)
* Tue Nov 30 2010 Nalin Dahyabhai <nalin at redhat.com> 1.8.2-7
- pull up 1.8.2/1.8.3 libk5crypto changes to correct the patch context
- add upstream patch to fix various issues from MITKRB5-SA-2010-007
  (CVE-2010-1323, #648734, CVE-2010-1324, #648674, CVE-2010-4020, #648735)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #576093 - ssh changes security context of /var/tmp/host_0
        https://bugzilla.redhat.com/show_bug.cgi?id=576093
  [ 2 ] Bug #707145 - [abrt] krb5-workstation-1.8.2-10.fc14: strcmp: Process /usr/bin/klist was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=707145
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

