Revisions of krb5

Ana Guerrero (anag+factory) accepted request 1185764 from Samuel Cabrero (scabrero) (revision 174)
- Update to 1.21.3
  * Fix vulnerabilities in GSS message token handling:
    * CVE-2024-37370, bsc#1227186
    * CVE-2024-37371, bsc#1227187
  * Fix a potential bad pointer free in krb5_cccol_have_contents()
  * Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
  * CVE-2024-26458, bsc#1220770
  * CVE-2024-26461, bsc#1220771
  * CVE-2024-26462, bsc#1220772
Ana Guerrero (anag+factory) accepted request 1134351 from Dirk Mueller (dirkmueller) (revision 169)
- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
  * Fix double-free in KDC TGS processing [CVE-2023-39975].

- update to 1.21.1 (CVE-2023-36054):
    with Windows KDCs.
Ana Guerrero (anag+factory) accepted request 1098841 from Dirk Mueller (dirkmueller) (revision 167)
- update to 1.121.1 (CVE-2023-36054):
  * Fix potential uninitialized pointer free in kadm5 XDR parsing
    [CVE-2023-36054].
  * Added a credential cache type providing compatibility with
    the macOS 11 native credential cache.
  * libkadm5 will use the provided krb5_context object to read
    configuration values, instead of creating its own.
  * Added an interface to retrieve the ticket session key
    from a GSS context.
  * The KDC will no longer issue tickets with RC4 or triple-DES
    session keys unless explicitly configured with the new
    allow_rc4 or allow_des3 variables respectively.
  * The KDC will assume that all services can handle aes256-sha1
    session keys unless the service principal has a
    session_enctypes string attribute.
  * Support for PAC full KDC checksums has been added to
    mitigate an S4U2Proxy privilege escalation attack.
  * The PKINIT client will advertise a more modern set
    of supported CMS algorithms.
  * Removed unused code in libkrb5, libkrb5support,
    and the PKINIT module.
  * Modernized the KDC code for processing TGS requests,
    the code for encrypting and decrypting key data,
    the PAC handling code, and the GSS library packet
    parsing and composition code.
  * Improved the test framework's detection of memory
    errors in daemon processes when used with asan.
Dominique Leuenberger (dimstar_suse) accepted request 1069137 from Factory Maintainer (factory-maintainer) (revision 163)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 981266 from Factory Maintainer (factory-maintainer) (revision 160)
Automatic submission by obs-autosubmit
Displaying revisions 1 - 20 of 174