Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

krb5-plugin-kdb-ldap-1.10.2-10.22.1 RPM for armv7hl

From OpenSuSE 12.3 updates for armv7hl

Name: krb5-plugin-kdb-ldap Distribution: openSUSE 12.3
Version: 1.10.2 Vendor: openSUSE
Release: 10.22.1 Build date: Thu Nov 14 17:50:41 2013
Group: Productivity/Networking/Security Build host: armbuild06
Size: 204146 Source RPM: krb5-1.10.2-10.22.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://web.mit.edu/kerberos/www/
Summary: MIT Kerberos5 Implementation--LDAP Database Plugin
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords. This package contains the LDAP
database plugin.

Provides

Requires

License

MIT

Changelog

* Fri Nov 08 2013 ckornacker@suse.de
  - fix Multi-realm KDC null deref
    CVE-2013-1418 (bnc#849240)
    + added bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref.dif
* Fri Jun 21 2013 mc@suse.de
  - fix kpasswd UDP ping-pong
    CVE-2002-2443 (bnc#825985)
* Mon Apr 22 2013 mc@suse.de
  - fix prep_reprocess_req NULL pointer deref
    CVE-2013-1416 (bnc#816413)
    bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif
* Fri Mar 22 2013 mc@suse.de
  - fix path to executables in service files
    (bnc#810926)
* Wed Mar 06 2013 mc@suse.de
  - fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
    CVE-2012-1016 (bnc#807556)
    bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
* Mon Mar 04 2013 mc@suse.de
  - fix PKINIT null pointer deref
    CVE-2013-1415 (bnc#806715)
    bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
* Fri Jan 25 2013 mc@suse.de
  - package missing file (bnc#794784)
* Tue Jan 22 2013 lchiquitto@suse.com
  - krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc
    (bnc#793336)
* Tue Oct 16 2012 coolo@suse.com
  - revert the -p usage in %postun to fix SLE build
* Tue Oct 16 2012 coolo@suse.com
  - buildrequire systemd by pkgconfig provide to get systemd-mini
* Sat Oct 13 2012 coolo@suse.com
  - do not require systemd in krb5-mini
* Fri Oct 05 2012 mc@suse.de
  - add systemd service files for kadmind, krb5kdc and kpropd
  - add sysconfig templates for kadmind and krb5kdc
* Wed Jun 13 2012 coolo@suse.com
  - fix %files section for krb5-mini
* Thu Jun 07 2012 mc@suse.de
  - fix gcc47 issues
* Wed Jun 06 2012 mc@suse.de
  - update to version 1.10.2
    obsolte patches:
    * krb5-1.7-nodeplibs.patch
    * krb5-1.9.1-ai_addrconfig.patch
    * krb5-1.9.1-ai_addrconfig2.patch
    * krb5-1.9.1-sendto_poll.patch
    * krb5-1.9-canonicalize-fallback.patch
    * krb5-1.9-paren.patch
    * krb5-klist_s.patch
    * krb5-pkinit-cms2.patch
    * krb5-trunk-chpw-err.patch
    * krb5-trunk-gss_delete_sec.patch
    * krb5-trunk-kadmin-oldproto.patch
    * krb5-1.9-MITKRB5-SA-2011-006.dif
    * krb5-1.9-gss_display_status-iakerb.patch
    * krb5-1.9.1-sendto_poll2.patch
    * krb5-1.9.1-sendto_poll3.patch
    * krb5-1.9-MITKRB5-SA-2011-007.dif
  - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain
    Controllers.
  - Update a workaround for a glibc bug that would cause DNS PTR queries
    to occur even when rdns = false.
  - Fix a kadmind denial of service issue (null pointer dereference),
    which could only be triggered by an administrator with the "create"
    privilege.  [CVE-2012-1013]
  - Fix access controls for KDB string attributes [CVE-2012-1012]
  - Make the ASN.1 encoding of key version numbers interoperate with
    Windows Read-Only Domain Controllers
  - Avoid generating spurious password expiry warnings in cases where
    the KDC sends an account expiry time without a password expiry time
  - Make PKINIT work with FAST in the client library.
  - Add the DIR credential cache type, which can hold a collection of
    credential caches.
  - Enhance kinit, klist, and kdestroy to support credential cache
    collections if the cache type supports it.
  - Add the kswitch command, which changes the selected default cache
    within a collection.
  - Add heuristic support for choosing client credentials based on
    the service realm.
  - Add support for $HOME/.k5identity, which allows credential
    choice based on configured rules.
* Sun Feb 26 2012 stefan.bruens@rwth-aachen.de
  - add autoconf macro to devel subpackage
* Tue Jan 31 2012 meissner@suse.de
  - fix license in krb5-mini
* Tue Dec 20 2011 coolo@suse.com
  - add autoconf as buildrequire to avoid implicit dependency
* Tue Dec 20 2011 coolo@suse.com
  - remove call to suse_update_config, very old work around
* Mon Nov 21 2011 mc@suse.de
  - fix KDC null pointer dereference in TGS handling
    (MITKRB5-SA-2011-007, bnc#730393)
    CVE-2011-1530
* Mon Nov 21 2011 mc@suse.de
  - fix KDC HA feature introduced with implementing KDC poll
    (RT#6951, bnc#731648)
* Fri Nov 18 2011 rhafer@suse.de
  - fix minor error messages for the IAKERB GSSAPI mechanism
    (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)
* Mon Oct 17 2011 mc@suse.de
  - fix kdc remote denial of service
    (MITKRB5-SA-2011-006, bnc#719393)
    CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
* Tue Aug 23 2011 mc@suse.de
  - use --without-pam to build krb5-mini
* Sun Aug 21 2011 mc@novell.com
  - add patches from Fedora and upstream
  - fix init scripts (bnc#689006)
* Fri Aug 19 2011 mc@novell.com
  - update to version 1.9.1
    * obsolete patches:
      MITKRB5-SA-2010-007-1.8.dif
      krb5-1.8-MITKRB5-SA-2010-006.dif
      krb5-1.8-MITKRB5-SA-2011-001.dif
      krb5-1.8-MITKRB5-SA-2011-002.dif
      krb5-1.8-MITKRB5-SA-2011-003.dif
      krb5-1.8-MITKRB5-SA-2011-004.dif
      krb5-1.4.3-enospc.dif
    * replace krb5-1.6.1-compile_pie.dif
* Thu Apr 14 2011 mc@suse.de
  - fix kadmind invalid pointer free()
    (MITKRB5-SA-2011-004, bnc#687469)
    CVE-2011-0285
* Tue Mar 01 2011 mc@suse.de
  - Fix vulnerability to a double-free condition in KDC daemon
    (MITKRB5-SA-2011-003, bnc#671717)
    CVE-2011-0284
* Wed Jan 19 2011 mc@suse.de
  - Fix kpropd denial of service
    (MITKRB5-SA-2011-001, bnc#662665)
    CVE-2010-4022
  - Fix KDC denial of service attacks with LDAP back end
    (MITKRB5-SA-2011-002, bnc#663619)
    CVE-2011-0281, CVE-2011-0282
* Wed Dec 01 2010 mc@suse.de
  - Fix multiple checksum handling vulnerabilities
    (MITKRB5-SA-2010-007, bnc#650650)
    CVE-2010-1324
    * krb5 GSS-API applications may accept unkeyed checksums
    * krb5 application services may accept unkeyed PAC checksums
    * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
    CVE-2010-1323
    * krb5 clients may accept unkeyed SAM-2 challenge checksums
    * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
    CVE-2010-4020
    * krb5 may accept authdata checksums with low-entropy derived keys
    CVE-2010-4021
    * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
* Thu Oct 28 2010 mc@suse.de
  - fix csh profile (bnc#649856)
* Fri Oct 22 2010 mc@suse.de
  - update to krb5-1.8.3
    * remove patches which are now upstrem
    - krb5-1.7-MITKRB5-SA-2010-004.dif
    - krb5-1.8.1-gssapi-error-table.dif
    - krb5-MITKRB5-SA-2010-005.dif
* Fri Oct 22 2010 mc@suse.de
  - change environment variable PATH directly for csh
    (bnc#642080)
* Mon Sep 27 2010 mc@suse.de
  - fix a dereference of an uninitialized pointer while processing
    authorization data.
    CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
* Mon Jun 21 2010 lchiquitto@novell.com
  - add correct error table when initializing gss-krb5 (bnc#606584,
    bnc#608295)
* Wed May 19 2010 mc@suse.de
  - fix GSS-API library null pointer dereference
    CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
* Wed Apr 14 2010 mc@suse.de
  - fix a double free vulnerability in the KDC
    CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
* Fri Apr 09 2010 mc@suse.de
  - update to version 1.8.1
    * include krb5-1.8-POST.dif
    * include MITKRB5-SA-2010-002
* Tue Apr 06 2010 mc@suse.de
  - update krb5-1.8-POST.dif
* Tue Mar 23 2010 mc@suse.de
  - fix a bug where an unauthenticated remote attacker could cause
    a GSS-API application including the Kerberos administration
    daemon (kadmind) to crash.
    CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
* Tue Mar 23 2010 mc@suse.de
  - add post 1.8 fixes
    * Add IPv6 support to changepw.c
    * fix two problems in kadm5_get_principal mask handling
    * Ignore improperly encoded signedpath AD elements
    * handle NT_SRV_INST in service principal referrals
    * dereference options while checking
      KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
    * Fix the kpasswd fallback from the ccache principal name
    * Document the ticket_lifetime libdefaults setting
    * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
* Thu Mar 04 2010 mc@suse.de
  - update to version 1.8
    * Increase code quality
    * Move toward improved KDB interface
    * Investigate and remedy repeatedly-reported performance
      bottlenecks.
    * Reduce DNS dependence by implementing an interface that allows
      client library to track whether a KDC supports service
      principal referrals.
    * Disable DES by default
    * Account lockout for repeated login failures
    * Bridge layer to allow Heimdal HDB modules to act as KDB
      backend modules
    * FAST enhancements
    * Microsoft Services for User (S4U) compatibility
    * Anonymous PKINIT
  - fix KDC denial of service
    CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
  - fix KDC denial of service in cross-realm referral processing
    CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
  - fix integer underflow in AES and RC4 decryption
    CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
  - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
* Mon Dec 14 2009 jengelh@medozas.de
  - add baselibs.conf as a source
* Fri Nov 13 2009 mc@suse.de
  - enhance '$PATH' only if the directories are available
    and not empty (bnc#544949)
* Sun Jul 12 2009 coolo@novell.com
  - readd lost baselibs.conf
* Wed Jun 03 2009 mc@suse.de
  - update to final 1.7 release
* Wed May 13 2009 mc@suse.de
  - update to version 1.7 Beta2
    * Incremental propagation support for the KDC database.
    * Flexible Authentication Secure Tunneling (FAST), a preauthentiation
      framework that can protect the AS exchange from dictionary attack.
    * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
      allows a GSS application to request credential delegation only if
      permitted by KDC policy.
    * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
      various vulnerabilities in SPNEGO and ASN.1 code.

Files

/usr/lib/krb5
/usr/lib/krb5/plugins
/usr/lib/krb5/plugins/kdb
/usr/lib/krb5/plugins/kdb/kldap.so
/usr/lib/libkdb_ldap.so
/usr/lib/libkdb_ldap.so.1
/usr/lib/libkdb_ldap.so.1.0
/usr/lib/mit/sbin
/usr/lib/mit/sbin/kdb5_ldap_util
/usr/share/doc/packages/krb5
/usr/share/doc/packages/krb5/kerberos.ldif
/usr/share/doc/packages/krb5/kerberos.schema
/usr/share/man/man8/kdb5_ldap_util.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Sep 21 01:36:20 2014