- Fix multiple checksum handling vulnerabilities

(MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application services may accept unkeyed PAC checksums * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323 * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=37
2010-12-01 10:45:18 +00:00
parent 2689697c16
commit 248552dcc5
5 changed files with 243 additions and 1 deletions
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Dec  1 11:44:15 CET 2010 - mc@suse.de
+
+- Fix multiple checksum handling vulnerabilities 
+  (MITKRB5-SA-2010-007, bnc#650650)
+  CVE-2010-1324
+  * krb5 GSS-API applications may accept unkeyed checksums
+  * krb5 application services may accept unkeyed PAC checksums
+  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
+  CVE-2010-1323
+  * krb5 clients may accept unkeyed SAM-2 challenge checksums
+  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
+  CVE-2010-4020
+  * krb5 may accept authdata checksums with low-entropy derived keys
+  CVE-2010-4021
+  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery 
+
 -------------------------------------------------------------------
 Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de