[ol9_baseos_latest] krb5-server-1.21.1-4.0.1.el9_5.i686

Name:	krb5-server
Version:	1.21.1
Release:	4.0.1.el9_5
Architecture:	i686
Group:	Unspecified
Size:	785597
License:	MIT
RPM:	krb5-server-1.21.1-4.0.1.el9_5.i686.rpm
Source RPM:	krb5-1.21.1-4.0.1.el9_5.src.rpm
Build Date:	Wed Nov 20 2024
Build Host:	build-ol9-i386.oracle.com
Vendor:	Oracle America
URL:	https://web.mit.edu/kerberos/www/
Summary:	The KDC and related programs for Kerberos 5
Description:	Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a Kerberos 5 key distribution center (KDC). If you are installing a Kerberos 5 KDC, you need to install this package (in other words, most people should NOT install this package).

Changelog (Show File list) (Show related packages)

Wed Nov 20 2024 EL Errata <el-errata_ww@oracle.com> - 1.21.1-4.0.1
```
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
```

Thu Oct 17 2024 Julien Rische <jrische@redhat.com> - 1.21.1-4

- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
  Resolves: RHEL-55423
- Fix various issues detected by static analysis
  Resolves: RHEL-58216
- Remove RSA protocol for PKINIT
  Resolves: RHEL-15323

Fri Jul 05 2024 Julien Rische <jrische@redhat.com> - 1.21.1-3

- CVE-2024-37370 CVE-2024-37371
  Fix vulnerabilities in GSS message token handling
  Resolves: RHEL-45402 RHEL-45392

Wed Mar 20 2024 Julien Rische <jrische@redhat.com> - 1.21.1-2

- Fix memory leak in GSSAPI interface
  Resolves: RHEL-27251
- Fix memory leak in PMAP RPC interface
  Resolves: RHEL-27245
- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
  Resolves: RHEL-27253
- Make TCP waiting time configurable
  Resolves: RHEL-17132

Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1

- New upstream version (1.21.1)
- Fix double-free in KDC TGS processing (CVE-2023-39975)
- Add support for "pac_privsvr_enctype" KDB string attribute
  Resolves: rhbz#2060421

Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9

- Do not disable PKINIT if some of the well-known DH groups are unavailable
  Resolves: rhbz#2187722
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
  Resolves: rhbz#2155607
- Allow to set PAC ticket signature as optional
  Resolves: rhbz#2178298

Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8

- Fix datetime parsing in kadmin on s390x
  Resolves: rhbz#2169985

Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7

- Fix double free on kdb5_util key creation failure
  Resolves: rhbz#2166603

Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6

- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
  Resolves: rhbz#2165827

Thu Jan 19 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5

- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
  Resolves: rhbz#2162461