[Heimdal-source-changes] [heimdal/heimdal] d7bf24: Fix transit path validation CVE-2017-6594
GitHub
noreply at github.com
Thu Apr 13 22:27:00 CEST 2017
Branch: refs/heads/heimdal-7-1-branch
Home: https://github.com/heimdal/heimdal
Commit: d7bf245e793a9f9ec565e07dae9372597c0ece69
https://github.com/heimdal/heimdal/commit/d7bf245e793a9f9ec565e07dae9372597c0ece69
Author: Viktor Dukhovni <viktor at twosigma.com>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M NEWS
M kdc/krb5tgs.c
M tests/kdc/check-kdc.in
M tests/kdc/krb5.conf.in
Log Message:
-----------
Fix transit path validation CVE-2017-6594
Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
to not be added to the transit path of issued tickets. This may, in
some cases, enable bypass of capath policy in Heimdal versions 1.5
through 7.2.
Note, this may break sites that rely on the bug. With the bug, some
incomplete [capaths] worked that should not have. These may now break
authentication in some cross-realm configurations.
Commit: 40d4229585ec17a9c051605aad7dd5d9e8831256
https://github.com/heimdal/heimdal/commit/40d4229585ec17a9c051605aad7dd5d9e8831256
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2017-04-11 (Tue, 11 Apr 2017)
Changed paths:
M configure.ac
M windows/NTMakefile.version
Log Message:
-----------
Bump versions for upcoming Heimdal 7.3.0 release
Compare: https://github.com/heimdal/heimdal/compare/622ab5feac72...40d4229585ec
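The effect described in the first commit's log message can be seen in a simplified model of transit-path handling. This is an added example, not code from Heimdal or from the commit; the realm names, the policy tables and every function name are constructed. The rule that the client's own realm and the issuing realm are never listed is an assumption of the model.

```python
# Simplified model of cross-realm transit-path handling. Not Heimdal code:
# realm names, policies and function names below are constructed for illustration.

def issue_ticket(tgt, issuing_realm, add_previous_hop=True):
    """Model a TGS in issuing_realm answering a request made with a cross-realm TGT.

    tgt: {"client_realm", "issued_by" (previous hop realm), "transited" (list)}.
    add_previous_hop=False models the regression the commit message describes.
    """
    transited = list(tgt["transited"])
    prev = tgt["issued_by"]
    # Assumed rule: the client's own realm and the issuing realm are never listed.
    if (add_previous_hop and prev not in (tgt["client_realm"], issuing_realm)
            and prev not in transited):
        transited.append(prev)
    return {"client_realm": tgt["client_realm"], "issued_by": issuing_realm,
            "transited": transited}

def walk(path, add_previous_hop=True):
    """Client in path[0] obtains a ticket in path[-1] via the realms in between."""
    ticket = {"client_realm": path[0], "issued_by": path[0], "transited": []}
    for realm in path[1:]:
        ticket = issue_ticket(ticket, realm, add_previous_hop)
    return ticket

def transit_allowed(ticket, server_realm, capaths):
    """capaths: {(client_realm, server_realm): set of permitted intermediate realms}."""
    allowed = capaths.get((ticket["client_realm"], server_realm), set())
    return all(realm in allowed for realm in ticket["transited"])

A, B, C, X = "A.EXAMPLE", "B.EXAMPLE", "C.EXAMPLE", "X.EXAMPLE"
POLICY = {(A, C): {B}}        # constructed: only B may sit between A and C
INCOMPLETE = {(A, C): set()}  # constructed: B was never listed

if __name__ == "__main__":
    for label, fixed in (("with previous hop", True), ("without previous hop", False)):
        via_x = walk([A, X, C], fixed)
        via_b = walk([A, B, C], fixed)
        print(label, "| transited via X:", via_x["transited"],
              "| X path accepted:", transit_allowed(via_x, C, POLICY),
              "| B path accepted under incomplete policy:",
              transit_allowed(via_b, C, INCOMPLETE))
```

When the previous hop is recorded, the path through the unlisted realm is rejected, and a path through B is rejected under the incomplete policy, which is the breakage the log message warns about.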