[ol9_baseos_latest] krb5-libs-1.21.1-4.0.1.el9_5.aarch64

Name:	krb5-libs
Version:	1.21.1
Release:	4.0.1.el9_5
Architecture:	aarch64
Group:	Unspecified
Size:	2705743
License:	MIT
RPM:	krb5-libs-1.21.1-4.0.1.el9_5.aarch64.rpm
Source RPM:	krb5-1.21.1-4.0.1.el9_5.src.rpm
Build Date:	Wed Nov 20 2024
Build Host:	build-ol9-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://web.mit.edu/kerberos/www/
Summary:	The non-admin shared libraries used by Kerberos 5
Description:	Kerberos is a network authentication system. The krb5-libs package contains the shared libraries needed by Kerberos 5. If you are using Kerberos, you need to install this package.

Changelog (Show File list) (Show related packages)

Wed Nov 20 2024 EL Errata <el-errata_ww@oracle.com> - 1.21.1-4.0.1
```
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
```

Thu Oct 17 2024 Julien Rische <jrische@redhat.com> - 1.21.1-4

- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
  Resolves: RHEL-55423
- Fix various issues detected by static analysis
  Resolves: RHEL-58216
- Remove RSA protocol for PKINIT
  Resolves: RHEL-15323

Fri Jul 05 2024 Julien Rische <jrische@redhat.com> - 1.21.1-3

- CVE-2024-37370 CVE-2024-37371
  Fix vulnerabilities in GSS message token handling
  Resolves: RHEL-45402 RHEL-45392

Wed Mar 20 2024 Julien Rische <jrische@redhat.com> - 1.21.1-2

- Fix memory leak in GSSAPI interface
  Resolves: RHEL-27251
- Fix memory leak in PMAP RPC interface
  Resolves: RHEL-27245
- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
  Resolves: RHEL-27253
- Make TCP waiting time configurable
  Resolves: RHEL-17132

Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1

- New upstream version (1.21.1)
- Fix double-free in KDC TGS processing (CVE-2023-39975)
- Add support for "pac_privsvr_enctype" KDB string attribute
  Resolves: rhbz#2060421

Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9

- Do not disable PKINIT if some of the well-known DH groups are unavailable
  Resolves: rhbz#2187722
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
  Resolves: rhbz#2155607
- Allow to set PAC ticket signature as optional
  Resolves: rhbz#2178298

Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8

- Fix datetime parsing in kadmin on s390x
  Resolves: rhbz#2169985

Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7

- Fix double free on kdb5_util key creation failure
  Resolves: rhbz#2166603

Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6

- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
  Resolves: rhbz#2165827

Thu Jan 19 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5

- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
  Resolves: rhbz#2162461