[El-errata] ELSA-2016-2591 Low: Oracle Linux 7 krb5 security, bug fix, and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Nov 10 11:08:13 PST 2016
Oracle Linux Security Advisory ELSA-2016-2591
http://linux.oracle.com/errata/ELSA-2016-2591.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
krb5-devel-1.14.1-26.el7.i686.rpm
krb5-devel-1.14.1-26.el7.x86_64.rpm
krb5-libs-1.14.1-26.el7.i686.rpm
krb5-libs-1.14.1-26.el7.x86_64.rpm
krb5-pkinit-1.14.1-26.el7.x86_64.rpm
krb5-server-1.14.1-26.el7.x86_64.rpm
krb5-server-ldap-1.14.1-26.el7.x86_64.rpm
krb5-workstation-1.14.1-26.el7.x86_64.rpm
libkadm5-1.14.1-26.el7.i686.rpm
libkadm5-1.14.1-26.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/krb5-1.14.1-26.el7.src.rpm
Description of changes:
[1.14.1-26]
- Use responder in non-preauth AS reqs
- Resolves: #1363690
[1.14.1-25]
- Fix bad debug_log() call in selinux handling
- Resolves: #1292153
[1.14.1-24]
- Fix KKDCPP with TLS SNI by always presenting "Host:" header
- Resolves: #1364993
[1.14.1-23]
- Add dependency on libkadm5 to krb5-devel
- Resolves: #1347403
[1.14.1-22]
- Builders have new version of mock; adapt.
- Resolves: #1290239
[1.14.1-21]
- Fix CVE-2016-3120
- Resolves: #1361504
[1.14.1-20]
- Make version dependencies on libkadm5 more explicit to appease rpmdiff
- Resolves: #1347403
[1.14.1-19]
- Add in upstream version of kprop port and tests
- Resolves: #1292795
[1.14.1-18]
- Fix incorrect recv() size calculation in libkrad
- Resolves: #1349042
[1.14.1-17]
- Separate out the kadm5 libs
- Resolves: #1347403
[1.14.1-16]
- Fix kprop/iprop handling of default realm
- Fix t_kprop.py
- Resolves: #1290561
- Resolves: #1302967
- Resolves: #1292795
[1.14.1-15]
- Fix SPNEGO with NTLM to conform to MS-SPNG section 3.3.5.1
- Resolves: #1341726
[1.14.1-14]
- Do not indicate depricated mechanisms when requested
- Resolves: #1293908
[1.14.1-13]
- Fix OTP module incorrectly overwriting as_key
- Resolves: #1340304
[1.14.1-12]
- Fix CVE-2016-3119 (LDAP NULL dereference)
- Resolves: #1339562
[1.14.1-11]
- Make ksu not ask for password without -n
- Resolves: #1247261
[1.14.1-10]
- Frob kadm5 soname version so that the rebase does not break things
- Resolves: #1292153
[1.14.1-9]
- Revamp selinux patch to not leak memory
- Resolves: #1313457
[1.14.1-8]
- Add snippet support in /etc/krb5.conf.d
- Resolves: #1146945
[1.14.1-7]
- Skip unnecessary mech calls in gss_inquire_cred
- Resolves: #1314493
[1.14.1-6]
- Fix impersonate_name to work with interposers
- Resolves: #1284987
[1.14.1-5]
- Fix change tracking of krb5.conf
- Resolves: #1208243
[1.14.1-4]
- Ensure log files are not world-readable
- Resolves: #1256735
[1.14.1-3]
- Clean up initscript handling in spec file
- Resolves: #1283902
- Resolves: #1183058
[1.14.1-2]
- Backport spec file changes from Fedora
- Resolves: #1290239
[1.14.1-1]
- Rebase to new upstream version 1.14.1
- Remove pax logic
- Resolves: #1292153
- Resolves: #1135427
- Resolves: #1265509
- Resolves: #1265510
- Resolves: #1296241
More information about the El-errata
mailing list