1. Forum
  2. Usenet
  3. COMP.PROTOCOLS.KERBEROS

  • krb5-1.20.1 and krb5-1.19.4 are released

    From Greg Hudson@21:1/5 to All on Tue Nov 15 12:04:40 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The MIT Kerberos Team announces the availability of MIT Kerberos 5
    Releases 1.20.1 and 1.19.4. Please see below for a list of some major
    changes included, or consult the README file in the source tree for a
    more detailed list of significant changes.

    Retrieving krb5-1.20.1 and krb5-1.19.4
    ======================================

    You may retrieve the krb5-1.20.1 and krb5-1.19.4 sources from the
    following URL:

    https://kerberos.org/dist/

    The homepages for the krb5-1.20.1 and krb5-1.19.4 releases are:

    https://web.mit.edu/kerberos/krb5-1.20/
    https://web.mit.edu/kerberos/krb5-1.19/

    Further information about Kerberos 5 may be found at the following
    URL:

    https://web.mit.edu/kerberos/


    Triple-DES transition
    =====================

    Beginning with the krb5-1.19 release, a warning will be issued if
    initial credentials are acquired using the des3-cbc-sha1 encryption
    type. In future releases, this encryption type will be disabled by
    default and eventually removed.

    Beginning with the krb5-1.18 release, single-DES encryption types have
    been removed.


    Major changes in 1.20.1 and 1.19.4 (2022-11-15) ===============================================

    These are bug fix releases.

    * Fix integer overflows in PAC parsing [CVE-2022-42898].

    * Fix null deref in KDC when decoding invalid NDR.

    * Fix memory leak in OTP kdcpreauth module.

    * Fix PKCS11 module path search.
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmNzxmgACgkQDLoIV1+D ct/AtRAAiQ8LFqalOMok97OuagdHipmdHRxD8cXgOyb06Zbe4ZddOG3PIErNyAYA 3sDTD/u8jrZ6hA5EWVJMPc13onV8jA1VDRrmDOgN2CekKxZATHMfuQ4Chm+HUUcf /FGjpKmGuPeZoDOnW0CBvzsGkaqRbv6cohQmuBb8FrjJnYUycPpVQr/+qWgmjbGu wGOE+k/weZpzWEolKa3q2S9Uho3DletUkX6mqkFlYI+aKPjQAg008r7P6tR7dkUk RX+JgE0SwrmWF9vKpvU/JV5fJGNJ5X0tTJqSrCuvxme56ClKqmaOxFhsRcS6miMY csBeczRyHvJjZmpIP9e4WwKI9wLrR7GCYCQqL/x4RNaRDdIzF2dgeS5QFDoOJIe7 vsuxdOR5+nArkv7cyCYf7AmCZjc8Yx7ucrDq+d25fniv8dT9tIpogJyJfKIwIGHh MVNEg1vqnHZ3VOP1i+FOhzp6fOegNzKMsN7MtvIZKbZIV9V8F+7XhZtCgWgdNlWW nZ/DFr+SwgXiyOVN+cor4E1rMP7brNu59rI4aA5lVlJIfMsYVXnWzQ5H1hDOC5w/ snkPXtgkRdcCO9HTiTwNWC4nK2dbguu90/EnoFtP1mjmemmQU5U0QJ19JUQ9CHbK Hmprwhs11AeImoc/ePUYfmvYCCuxgPcp3VPEZwgDsF2VCDWbrJw=
    =ZJWv
    -----END PGP SIGNATURE-----
    _______________________________________________
    kerberos-announce mailing list
    [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos-announce

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)