Heimdal 0.7.2 and 0.6.6

Heimdal 0.7.2 and 0.6.6

Love Hörnquist Åstrand-2

A twin is forked into the world, Heimdal 0.7.2 and Heimdal 0.6.6; both are
healthy and represent an improvement over their older siblings.

You can find the source code here:

        ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2.tar.gz
        ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.6.tar.gz

Both are signed by the Heimdal signing key:
     Heimdal Signing Key <[hidden email]> keyid: 45D901D8

Heimdal 0.7.2 includes the following changes

* Fix security problem in rshd that enables an attacker to overwrite
  and change ownership of any file that root could write.

* Fix a DOS in telnetd. The attacker could force the server to crash
  in a NULL de-reference before the user logged in, resulting in inetd
  turning telnetd off because it forked too fast.

* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
  exists in the keytab before returning success. This allows servers
  to check if it's even possible to use GSSAPI.

* Fix receiving end of token delegation for GSS-API. It still wrongly
  uses subkey for sending for compatibility reasons, this will change
  in 0.8.

* telnetd, login and rshd are now more verbose in logging failed and
  successful logins.

* Bug fixes

Heimdal 0.6.6 includes the following changes

* Fix security problem in rshd that enables an attacker to overwrite
  and change ownership of any file that root could write.

* Fix a DOS in telnetd. The attacker could force the server to crash
  in a NULL de-reference before the user logged in, resulting in inetd
  turning telnetd off because it forked too fast.



Thanks to those reporting bugs and waiting peacefully for the release,

Enjoy,
Assar, Jacques, Johan, Love, Luke
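
The inetd side effect described in the telnetd item above (inetd turning the service off because it forked too fast) can be spotted in syslog. The following is an added example, not part of the original announcement or of Heimdal's code: it scans for the message classic BSD inetd logs when its loop protection disables a service. The sample lines, hostnames, addresses and year are constructed.

```python
import re
from datetime import datetime

# Message BSD inetd logs when its loop protection disables a service.
LOOPING = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"inetd(?:\[\d+\])?: (?P<svc>[\w-]+)/(?P<proto>\w+) "
    r"server failing \(looping\), service terminated"
)

# Constructed sample log (not taken from a real system).
SAMPLE_LOG = """\
Feb  7 03:14:02 gw1 telnetd[2211]: connect from 192.0.2.10
Feb  7 03:14:09 gw1 inetd[412]: telnet/tcp server failing (looping), service terminated
Feb  7 03:20:41 gw1 inetd[412]: ftp/tcp server failing (looping), service terminated
Feb  7 03:24:10 gw1 inetd[412]: telnet/tcp server failing (looping), service terminated
Feb 12 11:02:33 gw2 inetd: telnet/tcp server failing (looping), service terminated
"""

def find_disabled_services(lines, watch=("telnet",), year=2006):
    """Return one dict per loop-protection event for a watched service."""
    events = []
    for n, line in enumerate(lines, 1):
        m = LOOPING.match(line)
        if not m or m["svc"] not in watch:
            continue
        # Classic syslog timestamps carry no year; the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"line": n, "host": m["host"], "service": m["svc"],
                       "proto": m["proto"], "when": when})
    return events

def summarize(events):
    """Group events by (host, service): count plus first and last time seen."""
    out = {}
    for e in events:
        s = out.setdefault((e["host"], e["service"]),
                           {"count": 0, "first": e["when"], "last": e["when"]})
        s["count"] += 1
        s["first"] = min(s["first"], e["when"])
        s["last"] = max(s["last"], e["when"])
    return out

if __name__ == "__main__":
    for key, s in summarize(find_disabled_services(SAMPLE_LOG.splitlines())).items():
        print(key, s["count"], s["first"].isoformat(), s["last"].isoformat())
```

Repeated events for the same host on an unpatched telnetd are worth correlating with connection sources logged just before each one.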


Re: Heimdal 0.7.2 and 0.6.6 (problems upgrading to 0.7.2)

jay alvarez-2
Hi,

    I have an existing heimdal-0.7.1+openldap-backend setup. I built heimdal with these configure options:

./configure --prefix=/usr/local/heimdal --with-openldap=/usr/local/openldap --disable-berkeley-db --disable-ndbm-db --with-openldap-lib=/usr/local/openldap/lib --with-openldap-include=/usr/local/openldap/include --with-openldap-config=/usr/local/openldap/etc/openldap --with-openssl=/usr/local --with-openssl-lib=/usr/local/lib --with-openssl-niclude=/usr/local/include/openssl

Now what I did was:
# cd /usr/local
# mv heimdal heimdal-0.7.1
# cd /home/installers/heimdal-0.7.2
#./configure --prefix=/usr/local/heimdal --with-openldap=/usr/local/openldap --disable-berkeley-db --disable-ndbm-db --with-openldap-lib=/usr/local/openldap/lib --with-openldap-include=/usr/local/openldap/include --with-openldap-config=/usr/local/openldap/etc/openldap --with-openssl=/usr/local --with-openssl-lib=/usr/local/lib --with-openssl-niclude=/usr/local/include/openssl
# make install


mail2# kadmin -l
kadmin> list *
kadmin: opening database: ldap_sasl_bind_s: Can't contact LDAP server
kadmin: kadm5_get_principals: Wrong database version

What's happening here?
I just renamed my old installation (0.7.1) directory because I am afraid that I might ruin everything if I just overwrite it with the (0.7.2) installation...
No changes have been made to openldap whatsoever.
When I use the old installation (0.7.1) everything works fine again.



Thanks..


