Kerberos 5 Release 1.6.4-beta1
The krb5-1.6.4 release is in beta test. This is a
development release, and is NOT intended for end
users. It is strongly recommended that you not deploy it
in production environments. Please send comments to the
krbdev list. This is primarily a security fix release.
You may download the krb5-1.6.4-beta1 snapshot from here.
For a complete list of changes, please see this
list in our RT bugtracking system.
Major changes in 1.6.4 include
- Fix long-standing bug in libdb btree page splits that could
cause database corruption under unusual circumstances. This
is believed to be one of the major causes of unexplained
database corruption events reported to us over many years.
- Fix MITKRB5-SA-2008-002 rpc/svc.c file descriptor array
overrun. [CVE-2008-0947]
- Fix MITKRB5-SA-2008-001 double-free in KDC krb4 code
[CVE-2008-0062], and uninitialized data in KDC krb4 code.
[CVE-2008-0063]
$Id: krb5-1.6.4.html,v 1.1 2008/03/24 23:12:52 tlyu Exp $
MIT Kerberos
[ home ]
[ contact ]