ELSA-2018-3071 - krb5 security, bug fix, and enhancement update

Type: SECURITY
Severity: LOW
Release Date: 2018-11-05

Description


[1.15.1-34]
- In FIPS mode, add plaintext fallback for RC4 usages and taint
- Resolves: #1570600

[1.15.1-33]
- Use SHA-256 instead of MD5 for audit ticket IDs
- Resolves: #1570600

[1.15.1-32]
- Include preauth name in trace output if possible
- Update cert generation scripts to work on modern openssl
- Fix per-request preauth scoping
- Add test case for PKINIT DH renegotiation
- Echo KDC cookies in preauth tryagain
- Fall back to other preauth mechanisms after failures
- Resolves: #1540130

[1.15.1-31]
- Add German translation
- Resolves: #1497301

[1.15.1-30]
- Add default pkinit_anchors value to krb5.conf
- Resolves: #1508081

[1.15.1-29]
- Process profile includedir in sorted order
- Also, ignore dotfiles in included directories
- Resolves: #1539824

[1.15.1-28]
- Exit with status 0 from kadmind
- Resolves: #1373909

[1.15.1-27]
- Continue after KRB5_CC_END in KCM cache iteration
- Resolves: #1563166

[1.15.1-26]
- Merge duplicate subsections in profile library
- Resolves: #1519625

[1.15.1-25]
- Fix service dependencies on network state
- Resolves: #1525232

[1.15.1-24]
- Explicitly use openssl rather than builtin crypto
- Resolves: #1570600

[1.15.1-23]
- Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730)
- Resolves: #1562684
- Resolves: #1562679

[1.15.1-22]
- Fix segfault in finish_dispatch()
- Resolves: #1568970

[1.15.1-21]
- Unparse SANs with NO_REALM
- Resolves: #1482457

[1.15.1-20]
- Fix hex conversion of PKINIT certid strings
- Resolves: #1538491


Related CVEs


CVE-2018-5729
CVE-2018-5730

Updated Packages


Release/Architecture      Filename                                    MD5sum                            Superseded By Advisory
Oracle Linux 7 (aarch64)  krb5-1.15.1-34.el7.src.rpm                  81c0ed76cf9a0f0a1c075f526f90bd82  ELBA-2020-3982
                          krb5-devel-1.15.1-34.el7.aarch64.rpm        0a3178f6cba9e3763901cc37805dd2e9  ELBA-2020-3982
                          krb5-libs-1.15.1-34.el7.aarch64.rpm         9ee9653122b5173f06ab3d8f953058fd  ELBA-2020-3982
                          krb5-pkinit-1.15.1-34.el7.aarch64.rpm       882a3bb08bd4846c94492e21c4e78864  ELBA-2020-3982
                          krb5-server-1.15.1-34.el7.aarch64.rpm       2b66a9ec628d6742156641e5356293ee  ELBA-2020-3982
                          krb5-server-ldap-1.15.1-34.el7.aarch64.rpm  1a391c33cade1e40f49a5b9270830432  ELBA-2020-3982
                          krb5-workstation-1.15.1-34.el7.aarch64.rpm  83a7c32c62bf9b1cb4095ea570ad96b2  ELBA-2020-3982
                          libkadm5-1.15.1-34.el7.aarch64.rpm          18e4455a3d5758e6316f7857171e7370  ELBA-2020-3982
Oracle Linux 7 (x86_64)   krb5-1.15.1-34.el7.src.rpm                  81c0ed76cf9a0f0a1c075f526f90bd82  ELBA-2020-3982
                          krb5-devel-1.15.1-34.el7.i686.rpm           9dcaad5b1e7d3eb249acc0dc568f3fa1  ELBA-2020-3982
                          krb5-devel-1.15.1-34.el7.x86_64.rpm         0aaa6bd17c52acf54fa770e1d8fcc1f5  ELBA-2020-3982
                          krb5-libs-1.15.1-34.el7.i686.rpm            f4e44b0562acc9036c0252793cf70735  ELBA-2020-3982
                          krb5-libs-1.15.1-34.el7.x86_64.rpm          17e03906ef6ae7b9cd62cdb704535c35  ELBA-2020-3982
                          krb5-pkinit-1.15.1-34.el7.x86_64.rpm        d4a8fff641d2dc0302b6098d563bc770  ELBA-2020-3982
                          krb5-server-1.15.1-34.el7.x86_64.rpm        1e18756b9d992449dc09f48c6dc46695  ELBA-2020-3982
                          krb5-server-ldap-1.15.1-34.el7.x86_64.rpm   ec0d41e8c9628a1f8d2f6c1f5786aaec  ELBA-2020-3982
                          krb5-workstation-1.15.1-34.el7.x86_64.rpm   ac419f03640d38433ab5132e4e27b51b  ELBA-2020-3982
                          libkadm5-1.15.1-34.el7.i686.rpm             1c0ad9d3ec2d2e57b17935a4c3556087  ELBA-2020-3982
                          libkadm5-1.15.1-34.el7.x86_64.rpm           11b44b0a209dac2e49a9b051ace7e1ec  ELBA-2020-3982



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.