Oracle alert ELSA-2018-3071 (krb5)
| From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2018-3071 Low: Oracle Linux 7 krb5 security, bug fix, and enhancement update | |
| Date: | Tue, 6 Nov 2018 15:04:33 -0800 | |
| Message-ID: | <840465e8-73b1-e528-60c6-440200fbb6c0@oracle.com> |
Oracle Linux Security Advisory ELSA-2018-3071 http://linux.oracle.com/errata/ELSA-2018-3071.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: krb5-devel-1.15.1-34.el7.i686.rpm krb5-devel-1.15.1-34.el7.x86_64.rpm krb5-libs-1.15.1-34.el7.i686.rpm krb5-libs-1.15.1-34.el7.x86_64.rpm krb5-pkinit-1.15.1-34.el7.x86_64.rpm krb5-server-1.15.1-34.el7.x86_64.rpm krb5-server-ldap-1.15.1-34.el7.x86_64.rpm krb5-workstation-1.15.1-34.el7.x86_64.rpm libkadm5-1.15.1-34.el7.i686.rpm libkadm5-1.15.1-34.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/krb5-1.15.1-34.el... Description of changes: [1.15.1-34] - In FIPS mode, add plaintext fallback for RC4 usages and taint - Resolves: #1570600 [1.15.1-33] - Use SHA-256 instead of MD5 for audit ticket IDs - Resolves: #1570600 [1.15.1-32] - Include preauth name in trace output if possible - Update cert generation scripts to work on modern openssl - Fix per-request preauth scoping - Add test case for PKINIT DH renegotiation - Echo KDC cookies in preauth tryagain - Fall back to other preauth mechanisms after failures - Resolves: #1540130 [1.15.1-31] - Add German translation - Resolves: #1497301 [1.15.1-30] - Add default pkinit_anchors value to krb5.conf - Resolves: #1508081 [1.15.1-29] - Process profile includedir in sorted order - Also, ignore dotfiles in included directories - Resolves: #1539824 [1.15.1-28] - Exit with status 0 from kadmind - Resolves: #1373909 [1.15.1-27] - Continue after KRB5_CC_END in KCM cache iteration - Resolves: #1563166 [1.15.1-26] - Merge duplicate subsections in profile library - Resolves: #1519625 [1.15.1-25] - Fix service dependencies on network state - Resolves: #1525232 [1.15.1-24] - Explicitly use openssl rather than builtin crypto - Resolves: #1570600 [1.15.1-23] - Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730) - Resolves: #1562684 - Resolves: #1562679 [1.15.1-22] - Fix segfault in finish_dispatch() - Resolves: #1568970 [1.15.1-21] - Unparse SANs with NO_REALM - Resolves: #1482457 [1.15.1-20] - Fix hex conversion of PKINIT certid strings - Resolves: #1538491 _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata