You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa krb5

Sigurnosni nedostatak programskog paketa krb5

by - 0

——————————————————————————–
Fedora Update Notification
FEDORA-2019-320a5a6a68
2019-09-30 01:00:06.441810
——————————————————————————–

Name : krb5
Product : Fedora 30
Version : 1.17
Release : 15.fc30
URL : http://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network’s security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

——————————————————————————–
Update Information:

Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844) This is a purely
denial-of-service issue, though it is unauthenticated, and is unlikely to
trigger by accident.
——————————————————————————–
ChangeLog:

* Wed Sep 25 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-15
– Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844)
* Wed Apr 24 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-14
– Add dns_canonicalize_hostname=fallback support
* Wed Apr 24 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-13
– Check more errors in OpenSSL crypto backend
* Mon Apr 22 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-12
– Fix potential close(-1) in cc_file.c
* Wed Apr 17 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-11
– Remove ovsec_adm_export and confvalidator
* Wed Apr 17 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-10
– Fix config realm change logic in FILE remove_cred
* Thu Apr 11 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-9
– Remove Kerberos v4 support vestiges (including ktany support)
* Thu Apr 11 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-8
– Implement krb5_cc_remove_cred for remaining types
– Resolves: #1693836
* Mon Apr 1 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-7
– FIPS-aware SPAKE group negotiation
* Mon Feb 25 2019 Robbie Harwood <rharwood@redhat.com> – 1.17-6
– Fix memory leak in ‘none’ replay cache type
– Silence a coverity warning while we’re here.
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-320a5a6a68’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke curl

Otkriveni su sigurnosni nedostaci programske biblioteke curl za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja...

Close