Tom Yu | 8 Mar 22:35

krb5-1.10.1 is released


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.10.1.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.10.1
====================================

You may retrieve the Kerberos 5 Release 1.10.1 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.10.1 release is:

        http://web.mit.edu/kerberos/krb5-1.10/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site:

        http://www.kerberos.org/

DES transition
==============


Tom Yu | 7 Feb 05:19

krb5-1.8.6 is released


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.8.6.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.8.6
===================================

You may retrieve the Kerberos 5 Release 1.8.6 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.8.6 release is:

        http://web.mit.edu/kerberos/krb5-1.8/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site:

        http://www.kerberos.org/

DES transition
==============


Tom Yu | 7 Feb 04:34

krb5-1.9.3 is released


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.9.3.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.9.3
===================================

You may retrieve the Kerberos 5 Release 1.9.3 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.9.3 release is:

        http://web.mit.edu/kerberos/krb5-1.9/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site:

        http://www.kerberos.org/

DES transition
==============


Tom Yu | 27 Jan 22:55

krb5-1.10 is released


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.10.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.10
==================================

You may retrieve the Kerberos 5 Release 1.10 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.10 release is:

        http://web.mit.edu/kerberos/krb5-1.10/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site:

        http://www.kerberos.org/

DES transition
==============


ghudson | 27 Dec 18:24

krb5-appl-1.0.3 is released

Version 1.0.3 of the krb5-appl package has been released.  This
package contains the Kerberized versions of telnet, ftp, and the
rlogin suite.  The new release can be found at:

  http://web.mit.edu/kerberos/dist/

This is a security bugfix release, with the following change:

  * Fix MITKRB5-SA-2011-008 (CVE-2011-4862).

Tom Yu | 26 Dec 22:14

MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]


MITKRB5-SA-2011-008

MIT krb5 Security Advisory 2011-008
Original release: 2011-12-26
Last update: 2011-12-26

Topic: buffer overflow in telnetd

CVE-2011-4862

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C

CVSSv2 Base Score:      10

Access Vector:          Network
Access Complexity:      Low
Authentication:         None
Confidentiality Impact: Complete
Integrity Impact:       Complete
Availability Impact:    Complete

CVSSv2 Temporal Score:  8.3

Exploitability:         Functional
Remediation Level:      Official Fix
Report Confidence:      Confirmed

SUMMARY
=======

Tom Yu | 6 Dec 20:07

MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]


MITKRB5-SA-2011-007

MIT krb5 Security Advisory 2011-007
Original release: 2011-12-06
Last update: 2011-12-06

Topic: KDC null pointer dereference in TGS handling

CVE-2011-1530
KDC null pointer dereference in TGS handling

CVSSv2 Vector:          AV:N/AC:L/Au:S/C:N/I:C/A:C/E:H/RL:OF/RC:C

CVSSv2 Base Score:      6.8

Access Vector:          Network
Access Complexity:      Low
Authentication:         Single
Confidentiality Impact: None
Integrity Impact:       None
Availability Impact:    Complete

CVSSv2 Temporal Score:  5.9

Exploitability:         High
Remediation Level:      Official Fix
Report Confidence:      Confirmed

SUMMARY

Tom Yu | 5 Nov 00:53

krb5-1.8.5 is released


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.8.5.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.8.5
===================================

You may retrieve the Kerberos 5 Release 1.8.5 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.8.5 release is:

        http://web.mit.edu/kerberos/krb5-1.8/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site:

        http://www.kerberos.org/

DES transition
==============


Tom Yu | 2 Nov 23:56

krb5-1.9.2 is released


The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.9.2.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.9.2
===================================

You may retrieve the Kerberos 5 Release 1.9.2 source from the
following URL:

        http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.9.2 release is:

        http://web.mit.edu/kerberos/krb5-1.9/

Further information about Kerberos 5 may be found at the following
URL:

        http://web.mit.edu/kerberos/

and at the MIT Kerberos Consortium web site:

        http://www.kerberos.org/

DES transition
==============


Tom Yu | 18 Oct 20:06

MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]


MITKRB5-SA-2011-006

MIT krb5 Security Advisory 2011-006
Original release: 2011-10-18
Last update: 2011-10-18

Topic: KDC denial of service vulnerabilities

CVE-2011-1527: null pointer dereference in KDC LDAP back end

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C

CVSSv2 Base Score:      7.8

Access Vector:          Network
Access Complexity:      Low
Authentication:         None
Confidentiality Impact: None
Integrity Impact:       None
Availability Impact:    Complete

CVSSv2 Temporal Score:  6.8

Exploitability:         High
Remediation Level:      Official Fix
Report Confidence:      Confirmed

CVE-2011-1528: assertion failure in multiple KDC back ends


ghudson | 11 Jul 22:00

krb5-appl-1.0.2 is released

Version 1.0.2 of the krb5-appl package has been released.  This
package contains the Kerberized versions of telnet, ftp, and the
rlogin suite.  The new release can be found at:

       http://web.mit.edu/kerberos/dist/

This is a bugfix release, with the following changes:

  * Fix MITKRB5-SA-2011-005 (CVE-2011-1526).

  * Man page formatting fixes.

  * Portability fixes to GNU Hurd and Alpha Linux.

  * Correctly parse "restrict" lines in the ftpusers file.

  * Allow username lengths up to UT_NAMESIZE characters in rshd.
