-
Thu Mar 06 2025 EL Errata <el-errata_ww@oracle.com> - 1.21.1-6.0.1
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
-
Wed Jan 29 2025 Julien Rische <jrische@redhat.com> - 1.21.1-6
- Prevent overflow when calculating ulog block size (CVE-2025-24528)
Resolves: RHEL-76759
-
Fri Jan 17 2025 Julien Rische <jrische@redhat.com> - 1.21.1-5
- Support PKCS11 EC client certs in PKINIT
Resolves: RHEL-74374
- kdb5_util: fix DB entry flags on modification
Resolves: RHEL-56059
- Add ECDH support for PKINIT (RFC5349)
Resolves: RHEL-4902
-
Thu Oct 17 2024 Julien Rische <jrische@redhat.com> - 1.21.1-4
- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: RHEL-55423
- Fix various issues detected by static analysis
Resolves: RHEL-58216
- Remove RSA protocol for PKINIT
Resolves: RHEL-15323
-
Fri Jul 05 2024 Julien Rische <jrische@redhat.com> - 1.21.1-3
- CVE-2024-37370 CVE-2024-37371
Fix vulnerabilities in GSS message token handling
Resolves: RHEL-45402 RHEL-45392
-
Wed Mar 20 2024 Julien Rische <jrische@redhat.com> - 1.21.1-2
- Fix memory leak in GSSAPI interface
Resolves: RHEL-27251
- Fix memory leak in PMAP RPC interface
Resolves: RHEL-27245
- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
Resolves: RHEL-27253
- Make TCP waiting time configurable
Resolves: RHEL-17132
-
Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1
- New upstream version (1.21.1)
- Fix double-free in KDC TGS processing (CVE-2023-39975)
- Add support for "pac_privsvr_enctype" KDB string attribute
Resolves: rhbz#2060421
-
Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
- Do not disable PKINIT if some of the well-known DH groups are unavailable
Resolves: rhbz#2187722
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
Resolves: rhbz#2155607
- Allow to set PAC ticket signature as optional
Resolves: rhbz#2178298