File _patchinfo of Package patchinfo.4894

<patchinfo incident="4894">
  <issue id="1054028" tracker="bnc">AUDIT-0: krb5: Insecure DNS dependency in many Kerberos deployments</issue>
  <issue id="1032680" tracker="bnc">krb5 requires systemd, but does not need this</issue>
  <issue id="903543" tracker="bnc">systemd kadmind.service missing openldap dependency</issue>
  <issue id="1056995" tracker="bnc">VUL-0: CVE-2017-11462: krb5: automatic sec context deletion could lead to double-free</issue>
  <issue id="2017-11462" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>guohouzuo</packager>
  <description>This update for krb5 fixes several issues.

This security issue was fixed:

- CVE-2017-11462: Prevent automatic security context deletion to prevent
  double-free (bsc#1056995)

These non-security issues were fixed:

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principal
  names. (bsc#1054028)
- Prevent kadmind.service startup failure caused by absence of
  LDAP service. (bsc#903543)
- Remove main package's dependency on systemd (bsc#1032680)
</description>
  <summary>Security update for krb5</summary>
</patchinfo>