author | Greg Hudson <ghudson@mit.edu> | 2018-05-03 10:33:33 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2018-05-03 10:33:33 -0400 |
commit | 8e153e3e8feb88780413d642273d60f0c15b2fe6 (patch) | |
tree | e115fee912847c6876226656855001edf85d0436 /README | |
parent | 051eb5b894adf63e41d88bc5e2a8b277e3bf7223 (diff) | |
Update for krb5-1.16.1
krb5-1.16.1-final
Diffstat (limited to 'README')
-rw-r--r-- | README | 53 |
1 files changed, 53 insertions, 0 deletions
@@ -73,6 +73,55 @@ from using single-DES cryptosystems. Among these is a configuration variable that enables "weak" enctypes, which defaults to "false" beginning with krb5-1.8. +Major changes in 1.16.1 (2018-05-03) +------------------------------------ + +This is a bug fix release. + +* Fix flaws in LDAP DN checking, including a null dereference KDC + crash which could be triggered by kadmin clients with administrative + privileges [CVE-2018-5729, CVE-2018-5730]. + +* Fix a KDC PKINIT memory leak. + +* Fix a small KDC memory leak on transited or authdata errors when + processing TGS requests. + +* Fix a regression in pkinit_cert_match matching of client + certificates containing Microsoft UPN SANs. + +* Fix a null dereference when the KDC sends a large TGS reply. + +* Fix "kdestroy -A" with the KCM credential cache type. + +* Allow validation of Microsoft PACs containing enterprise names. + +* Fix the handling of capaths "." values. + +* Fix handling of repeated subsection specifications in profile files + (such as when multiple included files specify relations in the same + subsection). + +krb5-1.16.1 changes by ticket ID +-------------------------------- + +7863 profile library mishandles duplicate subsections +8622 Point to kerberos.org/dist +8639 Always set appdefault_get() output argument +8640 krb5 build +8643 Fix flaws in LDAP DN checking +8644 Fix memory leak in KDC PKINIT code +8645 Fix KDC encrypting key memory leak on some errors +8646 Fix capaths "." values on client +8649 Allow validation of PACs with enterprise names +8658 kdestroy -A fails with KCM ccache type +8660 Document comments in krb5.conf +8666 KDC null dereference when TGS reply is too big for UDP +8669 Fix doubled "kadmind:" in kadmind fail_to_start() +8670 Regression in rule-based matching of PKINIT client certs with UPN SANs +8675 Set error message on KCM get_princ failure + + Major changes in 1.16 (2017-12-05) ---------------------------------- 
@@ -316,6 +365,7 @@ reports, suggestions, and valuable resources: Russell Allbery Brian Almeida Michael B Allen + Pooja Anil Heinz-Ado Arnolds Derek Atkins Mark Bannister @@ -371,6 +421,7 @@ reports, suggestions, and valuable resources: JC Ferguson Remi Ferrand Paul Fertser + Fabiano Fidêncio William Fiveash Jacques Florent Ákos Frohner @@ -451,6 +502,7 @@ reports, suggestions, and valuable resources: Zoran Pericic W. Michael Petullo Mark Phalan + Sharwan Ram Brett Randall Jonathan Reams Jonathan Reed @@ -484,6 +536,7 @@ reports, suggestions, and valuable resources: John Washington Stef Walter Xi Wang + Nehal J Wani Kevin Wasserman Margaret Wasserman Marcus Watts |
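Review bot: In the first hunk (@@ -73,6 +73,55 @@), the security entry in the "Major changes in 1.16.1" list cites two identifiers, CVE-2018-5729 and CVE-2018-5730, but concretely describes only one effect, the null dereference KDC crash; the rest is covered by the phrase "flaws in LDAP DN checking". Consider stating what the second flaw permits and repeating the precondition (kadmin clients with administrative privileges) for it, so that an operator reading the README can judge exposure without looking up ticket 8643. Two smaller points in the same hunk: the entry "Fix a null dereference when the KDC sends a large TGS reply" drops the condition that ticket 8666 gives ("too big for UDP"), which is the detail that tells a reader when the crash applies, and the summary for ticket 8640, "krb5 build", does not say what was changed. The remaining hunks only add contributor names in alphabetical position and need no change.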