ELSA-2016-2591

ELSA-2016-2591 - krb5 security, bug fix, and enhancement update

Type: SECURITY
Severity: LOW
Release Date: 2016-11-09

Description


[1.14.1-26]
- Use responder in non-preauth AS reqs
- Resolves: #1363690

[1.14.1-25]
- Fix bad debug_log() call in selinux handling
- Resolves: #1292153

[1.14.1-24]
- Fix KKDCPP with TLS SNI by always presenting 'Host:' header
- Resolves: #1364993

[1.14.1-23]
- Add dependency on libkadm5 to krb5-devel
- Resolves: #1347403

[1.14.1-22]
- Builders have new version of mock; adapt.
- Resolves: #1290239

[1.14.1-21]
- Fix CVE-2016-3120
- Resolves: #1361504

[1.14.1-20]
- Make version dependencies on libkadm5 more explicit to appease rpmdiff
- Resolves: #1347403

[1.14.1-19]
- Add in upstream version of kprop port and tests
- Resolves: #1292795

[1.14.1-18]
- Fix incorrect recv() size calculation in libkrad
- Resolves: #1349042

[1.14.1-17]
- Separate out the kadm5 libs
- Resolves: #1347403

[1.14.1-16]
- Fix kprop/iprop handling of default realm
- Fix t_kprop.py
- Resolves: #1290561
- Resolves: #1302967
- Resolves: #1292795

[1.14.1-15]
- Fix SPNEGO with NTLM to conform to MS-SPNG section 3.3.5.1
- Resolves: #1341726

[1.14.1-14]
- Do not indicate deprecated mechanisms when requested
- Resolves: #1293908

[1.14.1-13]
- Fix OTP module incorrectly overwriting as_key
- Resolves: #1340304

[1.14.1-12]
- Fix CVE-2016-3119 (LDAP NULL dereference)
- Resolves: #1339562

[1.14.1-11]
- Make ksu not ask for password without -n
- Resolves: #1247261

[1.14.1-10]
- Frob kadm5 soname version so that the rebase does not break things
- Resolves: #1292153

[1.14.1-9]
- Revamp selinux patch to not leak memory
- Resolves: #1313457

[1.14.1-8]
- Add snippet support in /etc/krb5.conf.d
- Resolves: #1146945

[1.14.1-7]
- Skip unnecessary mech calls in gss_inquire_cred
- Resolves: #1314493

[1.14.1-6]
- Fix impersonate_name to work with interposers
- Resolves: #1284987

[1.14.1-5]
- Fix change tracking of krb5.conf
- Resolves: #1208243

[1.14.1-4]
- Ensure log files are not world-readable
- Resolves: #1256735

[1.14.1-3]
- Clean up initscript handling in spec file
- Resolves: #1283902
- Resolves: #1183058

[1.14.1-2]
- Backport spec file changes from Fedora
- Resolves: #1290239

[1.14.1-1]
- Rebase to new upstream version 1.14.1
- Remove pax logic
- Resolves: #1292153
- Resolves: #1135427
- Resolves: #1265509
- Resolves: #1265510
- Resolves: #1296241


Related CVEs


CVE-2016-3119
CVE-2016-3120

Updated Packages


Release/Architecture     Filename                                   MD5sum                            Superseded By Advisory
Oracle Linux 7 (x86_64)  krb5-1.14.1-26.el7.src.rpm                 0fb4a1528741524ec225622a8c5a515c  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-devel-1.14.1-26.el7.i686.rpm          994e96e525bca43481e13b484bb64f14  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-devel-1.14.1-26.el7.x86_64.rpm        f0af0005b791014cc9acc208f5ba2008  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-libs-1.14.1-26.el7.i686.rpm           8fb578c7dba44465f0e10de6bee76444  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-libs-1.14.1-26.el7.x86_64.rpm         36612280251d5c4c8171b38a34d60930  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-pkinit-1.14.1-26.el7.x86_64.rpm       da1103391371ebf6e8d6e94159ce5022  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-server-1.14.1-26.el7.x86_64.rpm       7f976e73732c54830b215f36aafb12b7  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-server-ldap-1.14.1-26.el7.x86_64.rpm  11bd731f0f51392da5abd0171094155f  ELBA-2017-1891
Oracle Linux 7 (x86_64)  krb5-workstation-1.14.1-26.el7.x86_64.rpm  6843c2f37aa6391c895e3d9a6f2ee7be  ELBA-2017-1891
Oracle Linux 7 (x86_64)  libkadm5-1.14.1-26.el7.i686.rpm            9c65c8233ca74a17122b5a966dfe36d1  ELBA-2017-1891
Oracle Linux 7 (x86_64)  libkadm5-1.14.1-26.el7.x86_64.rpm          62ae1d9cd021128e15c192d2b22c5073  ELBA-2017-1891



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
