Oracle Errata System
Oracle Linux
5.11
2024-09-21T18:50:12
ELSA-2016-2591: krb5 security, bug fix, and enhancement update (LOW)
Oracle Linux 7
[1.14.1-26]
- Use responder in non-preauth AS reqs
- Resolves: #1363690
[1.14.1-25]
- Fix bad debug_log() call in selinux handling
- Resolves: #1292153
[1.14.1-24]
- Fix KKDCPP with TLS SNI by always presenting 'Host:' header
- Resolves: #1364993
[1.14.1-23]
- Add dependency on libkadm5 to krb5-devel
- Resolves: #1347403
[1.14.1-22]
- Builders have new version of mock; adapt.
- Resolves: #1290239
[1.14.1-21]
- Fix CVE-2016-3120
- Resolves: #1361504
[1.14.1-20]
- Make version dependencies on libkadm5 more explicit to appease rpmdiff
- Resolves: #1347403
[1.14.1-19]
- Add in upstream version of kprop port and tests
- Resolves: #1292795
[1.14.1-18]
- Fix incorrect recv() size calculation in libkrad
- Resolves: #1349042
[1.14.1-17]
- Separate out the kadm5 libs
- Resolves: #1347403
[1.14.1-16]
- Fix kprop/iprop handling of default realm
- Fix t_kprop.py
- Resolves: #1290561
- Resolves: #1302967
- Resolves: #1292795
[1.14.1-15]
- Fix SPNEGO with NTLM to conform to MS-SPNG section 3.3.5.1
- Resolves: #1341726
[1.14.1-14]
- Do not indicate depricated mechanisms when requested
- Resolves: #1293908
[1.14.1-13]
- Fix OTP module incorrectly overwriting as_key
- Resolves: #1340304
[1.14.1-12]
- Fix CVE-2016-3119 (LDAP NULL dereference)
- Resolves: #1339562
[1.14.1-11]
- Make ksu not ask for password without -n
- Resolves: #1247261
[1.14.1-10]
- Frob kadm5 soname version so that the rebase does not break things
- Resolves: #1292153
[1.14.1-9]
- Revamp selinux patch to not leak memory
- Resolves: #1313457
[1.14.1-8]
- Add snippet support in /etc/krb5.conf.d
- Resolves: #1146945
[1.14.1-7]
- Skip unnecessary mech calls in gss_inquire_cred
- Resolves: #1314493
[1.14.1-6]
- Fix impersonate_name to work with interposers
- Resolves: #1284987
[1.14.1-5]
- Fix change tracking of krb5.conf
- Resolves: #1208243
[1.14.1-4]
- Ensure log files are not world-readable
- Resolves: #1256735
[1.14.1-3]
- Clean up initscript handling in spec file
- Resolves: #1283902
- Resolves: #1183058
[1.14.1-2]
- Backport spec file changes from Fedora
- Resolves: #1290239
[1.14.1-1]
- Rebase to new upstream version 1.14.1
- Remove pax logic
- Resolves: #1292153
- Resolves: #1135427
- Resolves: #1265509
- Resolves: #1265510
- Resolves: #1296241
LOW
Copyright 2016 Oracle, Inc.
CVE-2016-3120
CVE-2016-3119
cpe:/a:oracle:linux:7:3:base
cpe:/a:oracle:linux:7::latest_archive
krb5-devel
oraclelinux-release
krb5-pkinit
krb5-libs
libkadm5
krb5-workstation
krb5-server-ldap
krb5-server
72f97b74ec551f03
^7
x86_64
0:1.14.1-26.el7