The MIT Kerberos Team announces the availability of the krb5-1.5.1 release. The detached PGP signature is available without going through the download page, if you wish to verify the authenticity of a distribution you have obtained elsewhere.
Kerberos 5 Release 1.5.1 includes many significant changes to the Kerberos build system, to GSS-API, and to the Kerberos KDC and administration system. These changes build up infrastructure as part of our effrots to make Kerberos more extensible and flexible. While we are confident that these changes will improve Kerberos in the long run, significant code restructuring may introduce portability problems or change behavior in ways that break applications. It is always important to test a new version of critical security software like Kerberos before deploying it in your environment to confirm that the new version meets your environment's requirements. Because of the significant restructuring, it is more important than usual to perform this testing and to report problems you find.
The only significant change in krb5-1.5.1 is to fix the security vulnerabilities decribed in MITKRB5-SA-2006-001, which are local privilege escalation vulnerabilities in applications running on Linux and AIX.
Please see the README file for a more complete list of changes.
You may also see the current full list of fixed bugs tracked in our RT bugtracking system.
Known bugs reported against krb5-1.5.1 are listed here.
Please note that the HTML versions of these documents are converted from texinfo, and that the conversion is imperfect. If you want PostScript or GNU info versions, please download the documentation tarball.
You may retrieve the Kerberos 5 Release 1.5.1 source from here. If you need to acquire the sources from some other distribution site, you may verify them against the detached PGP signature for krb5-1.5.1.