stable

krb5-1.14.3-8.fc23

FEDORA-2016-4a36663643 created by rharwood 7 years ago for Fedora 23

Misc samba and sssd-related bugfixes.


Bump version to 1.14.3 for the convenience of those needing the SNI fix.


Require krb5 to set the "Host:" header when speaking KKDCPP. This fixes use of TLS with SNI.


Fix low-impact CVE-2016-3120 where S4U2Self may cause KDC crash when anon is restricted

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-4a36663643

This update has been submitted for testing by rharwood.

7 years ago

This update has obsoleted krb5-1.14.3-4.fc23, and has inherited its bugs and notes.

7 years ago

This update has been pushed to testing.

7 years ago
User Icon lslebodn commented & provided feedback 7 years ago
karma

+1

BZ#1370622 Cannot authenticate with sssd-1.14 if there is no pre-auth

This update has been submitted for stable by bodhi.

7 years ago
User Icon em3rson commented & provided feedback 7 years ago
karma

works for me

This update has been pushed to stable.

7 years ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
2
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
BZ#1361050 CVE-2016-3120 krb5: S4U2Self KDC crash when anon is restricted
0
0
BZ#1361051 CVE-2016-3120 krb5: S4U2Self KDC crash when anon is restricted [fedora-all]
0
0
BZ#1365028 MS-KKDCP with TLS SNI requires HTTP Host header
0
0
BZ#1365029 MS-KKDCP with TLS SNI requires HTTP Host header
0
0
BZ#1365030 MS-KKDCP with TLS SNI requires HTTP Host header
0
0
BZ#1370622 Cannot authenticate with sssd-1.14 if there is no pre-auth
0
1
BZ#1370980 Guess Samba client mutual flag using ap_options in gssapi krb5 mech
0
0

Automated Test Results