Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

krb5-mini-1.10.2-10.22.1 RPM for armv7hl

From OpenSuSE 12.3 updates for armv7hl

Name: krb5-mini Distribution: openSUSE 12.3
Version: 1.10.2 Vendor: openSUSE
Release: 10.22.1 Build date: Thu Nov 14 17:50:58 2013
Group: Productivity/Networking/Security Build host: armbuild05
Size: 2858065 Source RPM: krb5-mini-1.10.2-10.22.1.src.rpm
Summary: MIT Kerberos5 Implementation--Libraries
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.






* Fri Nov 08 2013
  - fix Multi-realm KDC null deref
    CVE-2013-1418 (bnc#849240)
* Fri Jun 21 2013
  - fix kpasswd UDP ping-pong
    CVE-2002-2443 (bnc#825985)
* Mon Apr 22 2013
  - fix prep_reprocess_req NULL pointer deref
    CVE-2013-1416 (bnc#816413)
* Fri Mar 22 2013
  - fix path to executables in service files
* Wed Mar 06 2013
  - fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
    CVE-2012-1016 (bnc#807556)
* Mon Mar 04 2013
  - fix PKINIT null pointer deref
    CVE-2013-1415 (bnc#806715)
* Fri Jan 25 2013
  - package missing file (bnc#794784)
* Tue Jan 22 2013
  - krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc
* Tue Oct 16 2012
  - revert the -p usage in %postun to fix SLE build
* Tue Oct 16 2012
  - buildrequire systemd by pkgconfig provide to get systemd-mini
* Sat Oct 13 2012
  - do not require systemd in krb5-mini
* Fri Oct 05 2012
  - add systemd service files for kadmind, krb5kdc and kpropd
  - add sysconfig templates for kadmind and krb5kdc
* Wed Jun 13 2012
  - fix %files section for krb5-mini
* Thu Jun 07 2012
  - fix gcc47 issues
* Wed Jun 06 2012
  - update to version 1.10.2
    obsolte patches:
    * krb5-1.7-nodeplibs.patch
    * krb5-1.9.1-ai_addrconfig.patch
    * krb5-1.9.1-ai_addrconfig2.patch
    * krb5-1.9.1-sendto_poll.patch
    * krb5-1.9-canonicalize-fallback.patch
    * krb5-1.9-paren.patch
    * krb5-klist_s.patch
    * krb5-pkinit-cms2.patch
    * krb5-trunk-chpw-err.patch
    * krb5-trunk-gss_delete_sec.patch
    * krb5-trunk-kadmin-oldproto.patch
    * krb5-1.9-MITKRB5-SA-2011-006.dif
    * krb5-1.9-gss_display_status-iakerb.patch
    * krb5-1.9.1-sendto_poll2.patch
    * krb5-1.9.1-sendto_poll3.patch
    * krb5-1.9-MITKRB5-SA-2011-007.dif
  - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain
  - Update a workaround for a glibc bug that would cause DNS PTR queries
    to occur even when rdns = false.
  - Fix a kadmind denial of service issue (null pointer dereference),
    which could only be triggered by an administrator with the "create"
    privilege.  [CVE-2012-1013]
  - Fix access controls for KDB string attributes [CVE-2012-1012]
  - Make the ASN.1 encoding of key version numbers interoperate with
    Windows Read-Only Domain Controllers
  - Avoid generating spurious password expiry warnings in cases where
    the KDC sends an account expiry time without a password expiry time
  - Make PKINIT work with FAST in the client library.
  - Add the DIR credential cache type, which can hold a collection of
    credential caches.
  - Enhance kinit, klist, and kdestroy to support credential cache
    collections if the cache type supports it.
  - Add the kswitch command, which changes the selected default cache
    within a collection.
  - Add heuristic support for choosing client credentials based on
    the service realm.
  - Add support for $HOME/.k5identity, which allows credential
    choice based on configured rules.
* Sun Feb 26 2012
  - add autoconf macro to devel subpackage
* Tue Jan 31 2012
  - fix license in krb5-mini
* Tue Dec 20 2011
  - add autoconf as buildrequire to avoid implicit dependency
* Tue Dec 20 2011
  - remove call to suse_update_config, very old work around
* Mon Nov 21 2011
  - fix KDC null pointer dereference in TGS handling
    (MITKRB5-SA-2011-007, bnc#730393)
* Mon Nov 21 2011
  - fix KDC HA feature introduced with implementing KDC poll
    (RT#6951, bnc#731648)
* Fri Nov 18 2011
  - fix minor error messages for the IAKERB GSSAPI mechanism
* Mon Oct 17 2011
  - fix kdc remote denial of service
    (MITKRB5-SA-2011-006, bnc#719393)
    CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
* Tue Aug 23 2011
  - use --without-pam to build krb5-mini
* Sun Aug 21 2011
  - add patches from Fedora and upstream
  - fix init scripts (bnc#689006)
* Fri Aug 19 2011
  - update to version 1.9.1
    * obsolete patches:
    * replace krb5-1.6.1-compile_pie.dif
* Thu Apr 14 2011
  - fix kadmind invalid pointer free()
    (MITKRB5-SA-2011-004, bnc#687469)
* Tue Mar 01 2011
  - Fix vulnerability to a double-free condition in KDC daemon
    (MITKRB5-SA-2011-003, bnc#671717)
* Wed Jan 19 2011
  - Fix kpropd denial of service
    (MITKRB5-SA-2011-001, bnc#662665)
  - Fix KDC denial of service attacks with LDAP back end
    (MITKRB5-SA-2011-002, bnc#663619)
    CVE-2011-0281, CVE-2011-0282
* Wed Dec 01 2010
  - Fix multiple checksum handling vulnerabilities
    (MITKRB5-SA-2010-007, bnc#650650)
    * krb5 GSS-API applications may accept unkeyed checksums
    * krb5 application services may accept unkeyed PAC checksums
    * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
    * krb5 clients may accept unkeyed SAM-2 challenge checksums
    * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
    * krb5 may accept authdata checksums with low-entropy derived keys
    * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
* Thu Oct 28 2010
  - fix csh profile (bnc#649856)
* Fri Oct 22 2010
  - update to krb5-1.8.3
    * remove patches which are now upstrem
    - krb5-1.7-MITKRB5-SA-2010-004.dif
    - krb5-1.8.1-gssapi-error-table.dif
    - krb5-MITKRB5-SA-2010-005.dif
* Fri Oct 22 2010
  - change environment variable PATH directly for csh
* Mon Sep 27 2010
  - fix a dereference of an uninitialized pointer while processing
    authorization data.
    CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
* Mon Jun 21 2010
  - add correct error table when initializing gss-krb5 (bnc#606584,
* Wed May 19 2010
  - fix GSS-API library null pointer dereference
    CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
* Wed Apr 14 2010
  - fix a double free vulnerability in the KDC
    CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
* Fri Apr 09 2010
  - update to version 1.8.1
    * include krb5-1.8-POST.dif
    * include MITKRB5-SA-2010-002
* Tue Apr 06 2010
  - update krb5-1.8-POST.dif
* Tue Mar 23 2010
  - fix a bug where an unauthenticated remote attacker could cause
    a GSS-API application including the Kerberos administration
    daemon (kadmind) to crash.
    CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
* Tue Mar 23 2010
  - add post 1.8 fixes
    * Add IPv6 support to changepw.c
    * fix two problems in kadm5_get_principal mask handling
    * Ignore improperly encoded signedpath AD elements
    * handle NT_SRV_INST in service principal referrals
    * dereference options while checking
    * Fix the kpasswd fallback from the ccache principal name
    * Document the ticket_lifetime libdefaults setting
    * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
* Thu Mar 04 2010
  - update to version 1.8
    * Increase code quality
    * Move toward improved KDB interface
    * Investigate and remedy repeatedly-reported performance
    * Reduce DNS dependence by implementing an interface that allows
      client library to track whether a KDC supports service
      principal referrals.
    * Disable DES by default
    * Account lockout for repeated login failures
    * Bridge layer to allow Heimdal HDB modules to act as KDB
      backend modules
    * FAST enhancements
    * Microsoft Services for User (S4U) compatibility
    * Anonymous PKINIT
  - fix KDC denial of service
    CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
  - fix KDC denial of service in cross-realm referral processing
    CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
  - fix integer underflow in AES and RC4 decryption
    CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
  - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
* Mon Dec 14 2009
  - add baselibs.conf as a source
* Fri Nov 13 2009
  - enhance '$PATH' only if the directories are available
    and not empty (bnc#544949)
* Sun Jul 12 2009
  - readd lost baselibs.conf
* Wed Jun 03 2009
  - update to final 1.7 release
* Wed May 13 2009
  - update to version 1.7 Beta2
    * Incremental propagation support for the KDC database.
    * Flexible Authentication Secure Tunneling (FAST), a preauthentiation
      framework that can protect the AS exchange from dictionary attack.
    * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
      allows a GSS application to request credential delegation only if
      permitted by KDC policy.
    * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
      various vulnerabilities in SPNEGO and ASN.1 code.



Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Feb 10 05:08:15 2016