[El-errata] ELSA-2018-3071 Low: Oracle Linux 7 krb5 security, bug fix, and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Nov 6 15:04:33 PST 2018
Oracle Linux Security Advisory ELSA-2018-3071
http://linux.oracle.com/errata/ELSA-2018-3071.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
krb5-devel-1.15.1-34.el7.i686.rpm
krb5-devel-1.15.1-34.el7.x86_64.rpm
krb5-libs-1.15.1-34.el7.i686.rpm
krb5-libs-1.15.1-34.el7.x86_64.rpm
krb5-pkinit-1.15.1-34.el7.x86_64.rpm
krb5-server-1.15.1-34.el7.x86_64.rpm
krb5-server-ldap-1.15.1-34.el7.x86_64.rpm
krb5-workstation-1.15.1-34.el7.x86_64.rpm
libkadm5-1.15.1-34.el7.i686.rpm
libkadm5-1.15.1-34.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/krb5-1.15.1-34.el7.src.rpm
Description of changes:
[1.15.1-34]
- In FIPS mode, add plaintext fallback for RC4 usages and taint
- Resolves: #1570600
[1.15.1-33]
- Use SHA-256 instead of MD5 for audit ticket IDs
- Resolves: #1570600
[1.15.1-32]
- Include preauth name in trace output if possible
- Update cert generation scripts to work on modern openssl
- Fix per-request preauth scoping
- Add test case for PKINIT DH renegotiation
- Echo KDC cookies in preauth tryagain
- Fall back to other preauth mechanisms after failures
- Resolves: #1540130
[1.15.1-31]
- Add German translation
- Resolves: #1497301
[1.15.1-30]
- Add default pkinit_anchors value to krb5.conf
- Resolves: #1508081
[1.15.1-29]
- Process profile includedir in sorted order
- Also, ignore dotfiles in included directories
- Resolves: #1539824
[1.15.1-28]
- Exit with status 0 from kadmind
- Resolves: #1373909
[1.15.1-27]
- Continue after KRB5_CC_END in KCM cache iteration
- Resolves: #1563166
[1.15.1-26]
- Merge duplicate subsections in profile library
- Resolves: #1519625
[1.15.1-25]
- Fix service dependencies on network state
- Resolves: #1525232
[1.15.1-24]
- Explicitly use openssl rather than builtin crypto
- Resolves: #1570600
[1.15.1-23]
- Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730)
- Resolves: #1562684
- Resolves: #1562679
[1.15.1-22]
- Fix segfault in finish_dispatch()
- Resolves: #1568970
[1.15.1-21]
- Unparse SANs with NO_REALM
- Resolves: #1482457
[1.15.1-20]
- Fix hex conversion of PKINIT certid strings
- Resolves: #1538491
More information about the El-errata
mailing list