Описание
ELSA-2018-3071: krb5 security, bug fix, and enhancement update (LOW)
[1.15.1-34]
- In FIPS mode, add plaintext fallback for RC4 usages and taint
- Resolves: #1570600
[1.15.1-33]
- Use SHA-256 instead of MD5 for audit ticket IDs
- Resolves: #1570600
[1.15.1-32]
- Include preauth name in trace output if possible
- Update cert generation scripts to work on modern openssl
- Fix per-request preauth scoping
- Add test case for PKINIT DH renegotiation
- Echo KDC cookies in preauth tryagain
- Fall back to other preauth mechanisms after failures
- Resolves: #1540130
[1.15.1-31]
- Add German translation
- Resolves: #1497301
[1.15.1-30]
- Add default pkinit_anchors value to krb5.conf
- Resolves: #1508081
[1.15.1-29]
- Process profile includedir in sorted order
- Also, ignore dotfiles in included directories
- Resolves: #1539824
[1.15.1-28]
- Exit with status 0 from kadmind
- Resolves: #1373909
[1.15.1-27]
- Continue after KRB5_CC_END in KCM cache iteration
- Resolves: #1563166
[1.15.1-26]
- Merge duplicate subsections in profile library
- Resolves: #1519625
[1.15.1-25]
- Fix service dependencies on network state
- Resolves: #1525232
[1.15.1-24]
- Explicitly use openssl rather than builtin crypto
- Resolves: #1570600
[1.15.1-23]
- Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730)
- Resolves: #1562684
- Resolves: #1562679
[1.15.1-22]
- Fix segfault in finish_dispatch()
- Resolves: #1568970
[1.15.1-21]
- Unparse SANs with NO_REALM
- Resolves: #1482457
[1.15.1-20]
- Fix hex conversion of PKINIT certid strings
- Resolves: #1538491
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
krb5-devel
1.15.1-34.el7
krb5-libs
1.15.1-34.el7
krb5-pkinit
1.15.1-34.el7
krb5-server
1.15.1-34.el7
krb5-server-ldap
1.15.1-34.el7
krb5-workstation
1.15.1-34.el7
libkadm5
1.15.1-34.el7
Oracle Linux x86_64
krb5-devel
1.15.1-34.el7
krb5-libs
1.15.1-34.el7
krb5-pkinit
1.15.1-34.el7
krb5-server
1.15.1-34.el7
krb5-server-ldap
1.15.1-34.el7
krb5-workstation
1.15.1-34.el7
libkadm5
1.15.1-34.el7
