[16775] in Kerberos_V5_Development
krb5-1.9.1-beta1 is available
daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Apr 25 16:38:09 2011
To: krbdev@mit.edu
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 25 Apr 2011 16:38:01 -0400
Message-ID: <ldvr58qgj86.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MIT krb5-1.9.1-beta1 is now available for download from
http://web.mit.edu/kerberos/dist/testing.html
The main MIT Kerberos web page is
http://web.mit.edu/kerberos/
Please send comments to the krbdev list. The final release will
probably occur in early May. The README file contains a more
extensive list of changes.
Major changes in 1.9.1
- ----------------------
This is primarily a bugfix release.
* Fix vulnerabilities:
** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
** KDC denial of service attacks [MITKRB5-SA-2011-002
CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
CVE-2011-0284]
** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
* Interoperability:
** Don't reject AP-REQ messages if their PAC doesn't validate;
suppress the PAC instead.
** Correctly validate HMAC-MD5 checksums that use DES keys
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAk21260ACgkQSO8fWy4vZo5QCQCfbkfkNa5E+lIxAa9zrY0JJiIu
5owAoM1syBte2aeCIzKTkPCEsNFZu6U2
=V7Ha
-----END PGP SIGNATURE-----
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
