Security update for krb5
This update for krb5 fixes several issues.
This security issue was fixed:
- CVE-2017-11462: Prevent automatic security context deletion to prevent
double-free (bsc#1056995)
These non-security issues were fixed:
- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
in order to improve client security in handling service principle
names. (bsc#1054028)
- Prevent kadmind.service startup failure caused by absence of
LDAP service. (bsc#903543)
- Remove main package's dependency on systemd (bsc#1032680)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Howard Guo (guohouzuo)
Fixed bugs
bnc#1054028
AUDIT-0: krb5: Insecure DNS dependency in many Kerberos deployments
bnc#1032680
krb5 requires systemd, but does not need this
bnc#903543
systemd kadmind.service missing openldap dependency
bnc#1056995
VUL-0: CVE-2017-11462: krb5: automatic sec context deletion could lead to double-free
