File _patchinfo of Package patchinfo.5523
<patchinfo incident="5523">
<issue id="1054028" tracker="bnc">AUDIT-0: krb5: Insecure DNS dependency in many Kerberos deployments</issue>
<issue id="1055851" tracker="bnc">VUL-0: CVE-2017-7562: krb5: Authentication bypass by improper validation of certificate EKU and SAN</issue>
<issue id="1081725" tracker="bnc">Kerberos SNCERR_GSSAPI breaks Single Sign On SAP</issue>
<issue id="2017-7562" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>guohouzuo</packager>
<description>This update for krb5 provides the following fixes:
Security issues fixed:
- CVE-2017-7562: Improper validation of certificate EKU and SAN could lead to authentication
bypass. (bsc#1055851)
Non-security issues fixed:
- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve
client security in handling service principal names. (bsc#1054028)
- Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in
gss_indicate_mech() list. (bsc#1081725)
</description>
<summary>Security update for krb5</summary>
</patchinfo>