Fedora 15 Update: krb5-1.9.1-5.fc15

updates at fedoraproject.org updates at fedoraproject.org
Wed Jul 6 21:36:18 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8726
2011-06-25 19:40:21
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 15
Version     : 1.9.1
Release     : 5.fc15
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update bumps us to 1.9.1, which rolls up a few patches which we'd previously been carrying.

Additionally, the update now ensures that the proper SELinux file context is applied to replay caches when expired entries are expunged from them, and fixes a potential crash in "klist".

It backports fixes for interoperability problems with KDCs which reject requests which specify options they don't recognize, and with older versions of kadmind.  It also backports a change to how host names are used to derive principal names.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 23 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-5
- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo()
  during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
  not to ask for an IPv6 address based on the set of configured interfaces
  (RT#6922)
- pull a fix from SVN to use AI_ADDRCONFIG more often (RT#6923)
* Mon Jun 20 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-4
- apply upstream patch by way of Burt Holzman to fall back to a non-referral
  method in cases where we might be derailed by a KDC that rejects the
  canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#715074)
* Tue Jun 14 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-3
- pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating
  using the old protocol over IPv4 again (RT#6920)
* Tue Jun 14 2011 Nalin Dahyabhai <nalin at redhat.com>
- incorporate a fix to teach the file labeling bits about when replay caches
  are expunged (#576093)
* Thu May 26 2011 Nalin Dahyabhai <nalin at redhat.com>
- switch to the upstream patch for #707145
* Wed May 25 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-2
- klist: don't trip over referral entries when invoked with -s (#707145,
  RT#6915)
* Fri May  6 2011 Nalin Dahyabhai <nalin at redhat.com>
- fixup URL in a comment
- when built with NSS, require 3.12.10 rather than 3.12.9
* Thu May  5 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-1
- update to 1.9.1:
  - drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
    CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #684065 - missing parenthesis in backoff_from_master()
        https://bugzilla.redhat.com/show_bug.cgi?id=684065
  [ 2 ] Bug #715074 - Canonicalize fallback only works for different realm (MITKRB RT #6917)
        https://bugzilla.redhat.com/show_bug.cgi?id=715074
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list