[Heimdal-announce] Heimdal 7.4 security release announcement.


Viktor.Dukhovni
Dear Heimdal Community,

A team consisting of staff from Two Sigma Open Source and AuriStor are
pleased to announce the release of Heimdal 7.4.

The release download page is:

    https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0

The source tarball can be downloaded from:

    https://github.com/heimdal/heimdal/releases/download/heimdal-7.4.0/heimdal-7.4.0.tar.gz
    https://github.com/heimdal/heimdal/releases/download/heimdal-7.4.0/heimdal-7.4.0.tar.gz.sig

    SHA256(heimdal-7.4.0.tar.gz)= 3de14ecd36ad21c1694a13da347512b047f4010d176fe412820664cb5d1429ad
    SHA1(heimdal-7.4.0.tar.gz)= e496db36f8a232c3b1aa87a1e08f299b6f8f57a5

The signature key fingerprint is: E659 41B7 1CF3 C459 A34F  A89C 45E7 572A 28CD 8CC8

Changes in Heimdal 7.4:

 Security

 - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

   This is a critical vulnerability.

   In _krb5_extract_ticket() the KDC-REP service name must be obtained from
   the encrypted version stored in 'enc_part' instead of the unencrypted
   version stored in 'ticket'.  Use of the unencrypted version provides an
   opportunity for successful server impersonation and other attacks.

   Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

   See https://www.orpheus-lyre.info/ for more details.

--
   The Heimdal Release Team.
_______________________________________________
Heimdal-announce mailing list
[hidden email]
https://www.h5l.org/mailman/listinfo/heimdal-announce
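
The check described in the announcement above, as an added example that is not Heimdal's code and not part of the original message: a toy model of a KDC-REP that compares the requested service name against the unencrypted copy in 'ticket' and against the copy in 'enc_part'. All struct and function names and the sample principals are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of a KDC-REP; every name here is hypothetical, not Heimdal's API. */
struct principal { const char *name; const char *realm; };
struct kdc_rep {
    struct principal ticket_sname;   /* clear text, outside any encryption */
    struct principal enc_part_sname; /* from 'enc_part', decrypted with the client's key */
};

static int principal_equal(const struct principal *a, const struct principal *b)
{
    return strcmp(a->name, b->name) == 0 && strcmp(a->realm, b->realm) == 0;
}

/* Pre-fix behaviour as the announcement describes it: trust the name in 'ticket'. */
int sname_ok_unencrypted(const struct principal *req, const struct kdc_rep *rep)
{
    return principal_equal(req, &rep->ticket_sname);
}

/* Fixed behaviour: compare against the name protected inside 'enc_part'. */
int sname_ok_enc_part(const struct principal *req, const struct kdc_rep *rep)
{
    return principal_equal(req, &rep->enc_part_sname);
}

/* Detection aid: the two copies of the service name should never differ. */
int sname_disagrees(const struct kdc_rep *rep)
{
    return !principal_equal(&rep->ticket_sname, &rep->enc_part_sname);
}

/* Constructed sample data: one reply whose two name copies differ, one consistent. */
static const struct principal requested = { "host/fileserver.example.com", "EXAMPLE.COM" };
static const struct kdc_rep mismatched = {
    { "host/fileserver.example.com", "EXAMPLE.COM" },
    { "host/other.example.com", "EXAMPLE.COM" },
};
static const struct kdc_rep consistent = {
    { "host/fileserver.example.com", "EXAMPLE.COM" },
    { "host/fileserver.example.com", "EXAMPLE.COM" },
};

int main(void)
{
    printf("mismatched: unencrypted=%d enc_part=%d\n", sname_ok_unencrypted(&requested, &mismatched), sname_ok_enc_part(&requested, &mismatched));
    printf("consistent: unencrypted=%d enc_part=%d\n", sname_ok_unencrypted(&requested, &consistent), sname_ok_enc_part(&requested, &consistent));
    return 0;
}
```

The reply whose two copies differ passes the unencrypted comparison and fails the 'enc_part' comparison, which is the gap the 7.4 fix closes.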

Re: [Heimdal-announce] Heimdal 7.4 security release announcement.

Ken Dreyer-2
On Tue, Jul 11, 2017 at 12:34 PM,  <[hidden email]> wrote:
> Dear Heimdal Community,
>
> A team consisting of staff from Two Sigma Open Source and AuriStor are
> pleased to announce the release of Heimdal 7.4.

Builds are available for Fedora and EPEL.

https://bodhi.fedoraproject.org/updates/?packages=heimdal

- Ken