Opened 16 years ago

Closed 15 years ago

#1350 closed defect (fixed)

MIT Kerberos-1.6

Reported by: Randy McMurchy Owned by: Randy McMurchy
Priority: highest Milestone: 6.2.0
Component: BOOK Version: SVN
Severity: blocker Keywords: KRB5 Kerberos
Cc:

Description

Version increment to 1.4.1

Change History (11)

comment:1 by Randy McMurchy, 16 years ago

Priority: normalhighest
Severity: normalmajor

This version fixes a buffer overflow vulnerability in the telnet program.

comment:2 by bdubbs@…, 16 years ago

Milestone: future6.1

comment:3 by LFS-User@…, 16 years ago

Owner: changed from blfs-book@… to Randy McMurchy

comment:4 by LFS-User@…, 16 years ago

Status: newassigned

comment:5 by Randy McMurchy, 16 years ago

Owner: changed from Randy McMurchy to blfs-book@…
Status: assignednew

Unassigning myself from this bug. There are simply too many issues for me to update the version at this time. I am continuing to work on it, but there are patches for the libcom_err library and DB to create to make the package really correct.

comment:6 by bdubbs@…, 16 years ago

Milestone: 6.16.2

Redesignating to release 6.2.

Temporarily removed instructions for building this package and directed users to use heimdal as a substitute.

comment:7 by LFS-User@…, 16 years ago

Milestone: 6.2future
Priority: highestnormal
Severity: majornormal
Summary: MIT Kerberos-1.4.1MIT Kerberos-1.4.2

Version increment to 1.4.2

comment:8 by Randy McMurchy, 15 years ago

Keywords: KRB5 Kerberos added
Milestone: future6.2
Priority: normalhighest
Severity: normalblocker
Summary: MIT Kerberos-1.4.2MIT Kerberos-1.4.3

The book is at 1.4.1, 1.4.3 is now available. 1.4.2 fixed two security vulnerabilities:

Major changes in 1.4.2


  • [3120] Fix [MITKRB5-SA-2005-002] KDC double-free and heap overflow. Thanks to Daniel Wachdorf for reporting these vulnerabilities.
  • [3121] Fix [MITKRB5-SA-2005-003] krb5_recvauth() double-free. Thanks to Magnus Hagander for reporting this vulnerability.

Upgrading the bug as there are security vulnerabilities.

comment:9 by Randy McMurchy, 15 years ago

Summary: MIT Kerberos-1.4.3MIT Kerberos-1.5

Version increment to 1.5

comment:10 by Randy McMurchy, 15 years ago

Owner: changed from blfs-book@… to Randy McMurchy
Status: newassigned
Summary: MIT Kerberos-1.5MIT Kerberos-1.6

Version increment to 1.6

comment:11 by Randy McMurchy, 15 years ago

Resolution: fixed
Status: assignedclosed

Updated BLFS to MIT Kerberos V5-1.6. This update fixes two major security holes.

Note: See TracTickets for help on using tickets.