Require krb5 with fix for CVE-2018-20217

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5
(aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using
an older encryption type (single-DES, triple-DES, or RC4), the attacker
can crash the KDC by making an S4U2Self request.

1.16.1-24 comes without Fix-bugs-with-concurrent-use-of-MEMORY-ccaches,
which caused a regression with IPA.

See: https://nvd.nist.gov/vuln/detail/CVE-2018-20217
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Christian Heimes
2019-01-09 11:05:38 +01:00
parent 8276caf865
commit c26cb5afde

@@ -57,7 +57,8 @@
# Fedora
%global package_name freeipa
%global alt_name ipa
%global krb5_version 1.16.1
# Fix for CVE-2018-20217
%global krb5_version 1.16.1-24
%global krb5_kdb_version 7.0
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
%global python_netaddr_version 0.7.16
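Review bot: the new comment above `%global krb5_version 1.16.1-24` records only the CVE, but the commit message gives a second reason for choosing release -24 specifically: that build drops Fix-bugs-with-concurrent-use-of-MEMORY-ccaches, which caused a regression with IPA. Put both reasons in the spec comment, for example "# Fix for CVE-2018-20217; -24 also drops the MEMORY ccache patch that regressed IPA", so a later edit does not lower the release without knowing why it was pinned. Because the macro now carries a release as well as a version, it is also worth checking the places where `%{krb5_version}` is expanded (not visible in this hunk) to confirm each one is a dependency where a version-release comparison is intended.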