Linux @ CERN

SLC6X: system environment/libraries: krb5-pkinit-openssl

krb5-pkinit-openssl - The PKINIT module for Kerberos 5

Website: http://web.mit.edu/kerberos/www/
License: MIT
Vendor: Scientific Linux CERN, http://cern.ch/linux
Description:
Kerberos is a network authentication system. The krb5-pkinit
package contains the PKINIT plugin, which allows clients
to obtain initial credentials from a KDC using a private key and a
certificate.

Packages

krb5-pkinit-openssl-1.10.3-65.el6.i686 [126 KiB] Changelog by Robbie Harwood (2016-11-21):
- Avoid indicating deprecated GSS mechanisms
- Resolves: #1396442
krb5-pkinit-openssl-1.10.3-57.el6.i686 [125 KiB] Changelog by Robbie Harwood (2016-03-08):
- Fix memory leak in krb5 selinux patch
- Resolves: #1311287
krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686 [123 KiB] Changelog by Robbie Harwood (2016-02-12):
- Fix CVE-2015-8629 and CVE-2015-8631
- Also fix a spec trigger issue that prevents building
- Resolves: #1306973
krb5-pkinit-openssl-1.10.3-42.el6.i686 [123 KiB] Changelog by Roland Mainz (2015-04-10):
- fix for RH bug #1210704 ("Remove stray include in krb5's
  localauth_plugin.h"). This unnecessary #include statement
  was causing build failures on some systems by making libkrb5
  sources depend on gssapi.h (and as result to libcom_err,
  too).
krb5-pkinit-openssl-1.10.3-37.el6_6.i686 [121 KiB] Changelog by Roland Mainz (2015-04-01):
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
  denial of service in recvauth_common() and others"
krb5-pkinit-openssl-1.10.3-33.el6.i686 [120 KiB] Changelog by Nalin Dahyabhai (2014-08-06):
- actually apply that last patch
krb5-pkinit-openssl-1.10.3-15.el6_5.1.i686 [116 KiB] Changelog by Nalin Dahyabhai (2014-03-27):
- backport fix for trying all compatible keys when not being strict about
  acceptor names while reading AP-REQs (RT#7883, #1081611)
krb5-pkinit-openssl-1.10.3-10.el6_4.6.i686 [116 KiB] Changelog by Nalin Dahyabhai (2013-08-28):
- pull fix for keeping track of the message type when parsing FAST requests in
  the KDC (RT#7605, #1002179)
krb5-pkinit-openssl-1.10.3-10.el6_4.4.i686 [116 KiB] Changelog by Nalin Dahyabhai (2013-06-26):
- don't leak the memory used to hold the previous entry when walking a keytab
  to figure out which kinds of keys we have (#978312)
krb5-pkinit-openssl-1.10.3-10.el6_4.3.i686 [116 KiB] Changelog by Nalin Dahyabhai (2013-05-31):
- pull up fix for UDP ping-pong flaw in kpasswd service (CVE-2002-2443,
krb5-pkinit-openssl-1.10.3-10.el6_4.2.i686 [116 KiB] Changelog by Nalin Dahyabhai (2013-04-09):
- incorporate upstream patch to fix a NULL pointer dereference while processing
  certain TGS requests (CVE-2013-1416, #950342)
krb5-pkinit-openssl-1.10.3-10.el6_4.1.i686 [116 KiB] Changelog by Nalin Dahyabhai (2013-03-05):
- incorporate upstream patch to fix a NULL pointer dereference when the client
  supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909)
- add patch to avoid dereferencing a NULL pointer in the KDC when handling a
  draft9 PKINIT request (#917909, CVE-2012-1016)
krb5-pkinit-openssl-1.10.3-10.el6.i686 [115 KiB] Changelog by Nalin Dahyabhai (2012-12-18):
- make -server conflict with older versions of SELinux policy that didn't
  allow us to use eventfds, which libverto's backend may depend on in order
  to properly shut down a multi-worker KDC (#871524)
krb5-pkinit-openssl-1.9-33.el6_3.3.i686 [107 KiB] Changelog by Nalin Dahyabhai (2012-09-06):
- cut down the number of times we load SELinux labeling configuration from
  a minimum of two times to actually one (#852455)
krb5-pkinit-openssl-1.9-33.el6_3.2.i686 [107 KiB] Changelog by Nalin Dahyabhai (2012-07-19):
- pull up the patch to correct a possible NULL pointer dereference in
  kadmind (CVE-2012-1013, #827517)
krb5-pkinit-openssl-1.9-33.el6.i686 [106 KiB] Changelog by Nalin Dahyabhai (2012-04-18):
- selinux: reliably reset the file creation context after setting it when we
  flush replay caches, in cases where there was none explicitly set beforehand
  (#813883)
krb5-pkinit-openssl-1.9-22.el6_2.1.i686 [104 KiB] Changelog by Nalin Dahyabhai (2011-11-17):
- add candidate patch to fix a NULL pointer dereference while processing TGS
  requests (MITKRB5-SA-2011-007, #754046)
krb5-pkinit-openssl-1.9-22.el6.i686 [104 KiB] Changelog by Nalin Dahyabhai (2011-10-18):
- handle a harder-to-trigger assertion failure that starts cropping up when we
  exit the transmit loop on time (#746341)
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
  backend (CVE-2011-1527), an assertion failure with multiple kdb backends
  (CVE-2011-1528), and a null pointer dereference with multiple kdb backends
  (CVE-2011-1529) (MITKRB5-SA-2011-006, #740085)
krb5-pkinit-openssl-1.9-21.el6.i686 [103 KiB] Changelog by Nalin Dahyabhai (2011-09-01):
- pull in upstream patch for RT#6952, confusion following referrals for
  cross-realm auth with AD KDCs (#734341)
krb5-pkinit-openssl-1.9-9.el6_1.2.i686 [101 KiB] Changelog by Nalin Dahyabhai (2011-09-20):
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
  backend (CVE-2011-1527), an assertion failure with multiple kdb backends
  (CVE-2011-1528), and a null pointer dereference with multiple kdb backends
  (CVE-2011-1529) (#740084)
krb5-pkinit-openssl-1.9-9.el6_1.1.i686 [101 KiB] Changelog by Nalin Dahyabhai (2011-06-21):
- apply upstream patch by way of Burt Holzman to fall back to a non-referral
  method in cases where we might be derailed by a KDC that rejects the
  canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#714866)
krb5-pkinit-openssl-1.9-9.el6.i686 [100 KiB] Changelog by Nalin Dahyabhai (2011-04-13):
- kadmind: add upstream patch to fix free() on an invalid pointer (#696342,
  MITKRB5-SA-2011-004, CVE-2011-0285)
krb5-pkinit-openssl-1.8.2-3.el6_0.7.i686 [98 KiB] Changelog by Nalin Dahyabhai (2011-04-13):
- kadmind: add upstream patch to fix free() on an invalid pointer (#696341,
  MITKRB5-SA-2011-004, CVE-2011-0285)
krb5-pkinit-openssl-1.8.2-3.el6_0.6.i686 [98 KiB] Changelog by Nalin Dahyabhai (2011-03-14):
- add revised upstream patch to fix double-free in KDC while returning
  typed-data with errors (CVE-2011-0284, #681564)
krb5-pkinit-openssl-1.8.2-3.el6_0.4.i686 [97 KiB] Changelog by Nalin Dahyabhai (2011-01-20):
- add upstream patches to fix standalone kpropd exiting if the per-client
  child process exits with an error, and hang or crash in the KDC when using
  the LDAP kdb backend (CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, #671101)
krb5-pkinit-openssl-1.8.2-3.el6_0.3.i686 [97 KiB] Changelog by Nalin Dahyabhai (2010-11-05):
- pull up crypto changes made between 1.8.2 and 1.8.3 to fix upstream #6751,
  assumed to already be there for the next fix
- incorporate candidate patch to fix various issues from MITKRB5-SA-2010-007
  (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, #651962)
krb5-pkinit-openssl-1.8.2-3.el6_0.1.i686 [97 KiB] Changelog by Nalin Dahyabhai (2010-09-23):
- incorporate candidate patch to fix uninitialized pointer crash in the KDC
  (CVE-2010-1322, #636336)

Listing created by repoview