[El-errata] ELSA-2018-3071 Low: Oracle Linux 7 krb5 security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Nov 6 15:04:33 PST 2018


Oracle Linux Security Advisory ELSA-2018-3071

http://linux.oracle.com/errata/ELSA-2018-3071.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
krb5-devel-1.15.1-34.el7.i686.rpm
krb5-devel-1.15.1-34.el7.x86_64.rpm
krb5-libs-1.15.1-34.el7.i686.rpm
krb5-libs-1.15.1-34.el7.x86_64.rpm
krb5-pkinit-1.15.1-34.el7.x86_64.rpm
krb5-server-1.15.1-34.el7.x86_64.rpm
krb5-server-ldap-1.15.1-34.el7.x86_64.rpm
krb5-workstation-1.15.1-34.el7.x86_64.rpm
libkadm5-1.15.1-34.el7.i686.rpm
libkadm5-1.15.1-34.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/krb5-1.15.1-34.el7.src.rpm



Description of changes:

[1.15.1-34]
- In FIPS mode, add plaintext fallback for RC4 usages and taint
- Resolves: #1570600

[1.15.1-33]
- Use SHA-256 instead of MD5 for audit ticket IDs
- Resolves: #1570600

[1.15.1-32]
- Include preauth name in trace output if possible
- Update cert generation scripts to work on modern openssl
- Fix per-request preauth scoping
- Add test case for PKINIT DH renegotiation
- Echo KDC cookies in preauth tryagain
- Fall back to other preauth mechanisms after failures
- Resolves: #1540130

[1.15.1-31]
- Add German translation
- Resolves: #1497301

[1.15.1-30]
- Add default pkinit_anchors value to krb5.conf
- Resolves: #1508081

[1.15.1-29]
- Process profile includedir in sorted order
- Also, ignore dotfiles in included directories
- Resolves: #1539824

[1.15.1-28]
- Exit with status 0 from kadmind
- Resolves: #1373909

[1.15.1-27]
- Continue after KRB5_CC_END in KCM cache iteration
- Resolves: #1563166

[1.15.1-26]
- Merge duplicate subsections in profile library
- Resolves: #1519625

[1.15.1-25]
- Fix service dependencies on network state
- Resolves: #1525232

[1.15.1-24]
- Explicitly use openssl rather than builtin crypto
- Resolves: #1570600

[1.15.1-23]
- Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730)
- Resolves: #1562684
- Resolves: #1562679

[1.15.1-22]
- Fix segfault in finish_dispatch()
- Resolves: #1568970

[1.15.1-21]
- Unparse SANs with NO_REALM
- Resolves: #1482457

[1.15.1-20]
- Fix hex conversion of PKINIT certid strings
- Resolves: #1538491




More information about the El-errata mailing list