Fedora 16 Update: krb5-1.9.2-6.fc16

updates at fedoraproject.org updates at fedoraproject.org
Sat Feb 11 22:04:35 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1067
2012-01-31 21:18:17
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 16
Version     : 1.9.2
Release     : 6.fc16
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

--------------------------------------------------------------------------------
Update Information:

This update backports fixes needed by development versions of FreeIPA from upstream's development tree, and incorporates a patch to accept entries with version number 0 as matching any desired version number when scanning keytabs for matching entries.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 30 2012 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-6
- add patch to accept keytab entries with vno==0 as matches when we're
  searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)
* Tue Dec 13 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-5
- backport patch for RT#7046: tag a ccache containing credentials obtained via
  S4U2Proxy with the principal name of the proxying principal (part of #761317)
  so that the default principal name can be set to that of the client for which
  it is proxying, which results in the ccache looking more normal to consumers
  of the ccache that don't care that there's proxying going on
- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached
  (more of #761317)
- backport patch for RT#7048: allow PAC verification to only bother trying to
  verify the signature with keys that it's given (still more of #761317)
* Tue Dec  6 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-4
- apply upstream patch to fix a null pointer dereference when processing
  TGS requests (CVE-2011-1530, #753748)
* Wed Nov 30 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-3
- correct a bug in the fix for #754001 so that the file creation context is
  consistently reset
* Tue Nov 22 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-2
- pull patch from trunk so that when computing an HMAC, we don't assume that
  the HMAC output size is the same as the input key length (RT#6994, #756139)
* Tue Nov 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.2-1
- update to 1.9.2, incorporating the recent security update and some of the
  things we were previously backporting, among other fixes
* Tue Nov 15 2011 Nalin Dahyabhai <nalin at redhat.com> 1.9.1-19
- selinux: reset the creation context properly after expunging replay caches
  if they were previously set to the default value (#754001)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #761317 - Please backport s4u2proxy fixes from upstream trunk
        https://bugzilla.redhat.com/show_bug.cgi?id=761317
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list