——————————————————————————–

Fedora Update Notification

FEDORA-2017-56e23bc2b5

2017-09-22 15:26:37.730274

——————————————————————————–

 

Name        : krb5

Product     : Fedora 25

Version     : 1.14.4

Release     : 9.fc25

URL         : http://web.mit.edu/kerberos/www/

Summary     : The Kerberos network authentication system

Description :

Kerberos V5 is a trusted-third-party network authentication system,

which can improve your network’s security by eliminating the insecure

practice of sending passwords over the network in unencrypted form.

 

——————————————————————————–

Update Information:

 

– Prevent applications from accidentally implementing CVE-2017-11462 (double

free if sec_context is copied). – fc26+: Add ccselect hostrealm module for

ccache selection based on service hostname.

——————————————————————————–

References:

 

  [ 1 ] Bug #1488873 – CVE-2017-11462 krb5: Automatic sec context deletion could lead to double-free

        https://bugzilla.redhat.com/show_bug.cgi?id=1488873

——————————————————————————–

 

This update can be installed with the “dnf” update program. Use

su -c ‘dnf upgrade krb5’ at the command line.

For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

 

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

——————————————————————————–

_______________________________________________

package-announce mailing list — package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

 

——————————————————————————–
Fedora Update Notification
FEDORA-2017-10c74147f9
2017-09-09 20:54:31.151626
——————————————————————————–

Name : krb5
Product : Fedora 26
Version : 1.15.1
Release : 28.fc26
URL : http://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network’s security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

——————————————————————————–
Update Information:

– Prevent applications from accidentally implementing CVE-2017-11462 (double
free if sec_context is copied). – fc26+: Add ccselect hostrealm module for
ccache selection based on service hostname.
——————————————————————————–
References:

[ 1 ] Bug #1488873 – CVE-2017-11462 krb5: Automatic sec context deletion could lead to double-free
https://bugzilla.redhat.com/show_bug.cgi?id=1488873
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade krb5’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org