@vdukhovni vdukhovni released this Dec 8, 2017 · 1 commit to heimdal-7-1-branch since this release

This is a security release of Heimdal.

This release patches a remote denial of service:

CVE-2017-17439: In Heimdal 7.1 through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm.

@nicowilliams nicowilliams released this Jul 11, 2017 · 7 commits to heimdal-7-1-branch since this release

This is a security release of Heimdal.

This release patches a critical vulnerability:

CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
the encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unencrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Dukhovni and Nico Williams.

See https://www.orpheus-lyre.info/
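
The validation rule described above for CVE-2017-11103, as an added example that is not Heimdal's code: it models only the service name comparison (no decryption) and contrasts checking the cleartext 'ticket' copy with checking the 'enc_part' copy. The struct and function names are hypothetical and the principals are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Simplified principal (hypothetical type, not Heimdal's): realm + components. */
struct principal { const char *realm; int ncomp; const char *comp[3]; };

/* Simplified KDC-REP holding only the two copies of the service name. */
struct kdc_rep_model {
    struct principal ticket_sname;   /* cleartext 'ticket': not integrity protected */
    struct principal enc_part_sname; /* decrypted 'enc_part': bound to the reply key */
};

static int principal_equal(const struct principal *a, const struct principal *b)
{
    if (a->ncomp != b->ncomp || strcmp(a->realm, b->realm) != 0)
        return 0;
    for (int i = 0; i < a->ncomp; i++)
        if (strcmp(a->comp[i], b->comp[i]) != 0)
            return 0;
    return 1;
}

/* Behaviour the release note warns against: trusts the cleartext copy. */
int sname_ok_unencrypted(const struct kdc_rep_model *rep, const struct principal *req)
{
    return principal_equal(&rep->ticket_sname, req);
}

/* Behaviour the release note requires: validates the enc_part copy. */
int sname_ok_enc_part(const struct kdc_rep_model *rep, const struct principal *req)
{
    return principal_equal(&rep->enc_part_sname, req);
}

/* Constructed sample: the service principal the client asked for. */
static const struct principal requested = { "EXAMPLE.TEST", 2, { "host", "files.example.test" } };
/* Constructed reply: the cleartext name matches the request, but the
 * encrypted part names a different service. */
static const struct kdc_rep_model mismatched = {
    { "EXAMPLE.TEST", 2, { "host", "files.example.test" } },
    { "EXAMPLE.TEST", 2, { "host", "other.example.test" } },
};

int main(void)
{
    printf("unencrypted check accepts: %d\n", sname_ok_unencrypted(&mismatched, &requested));
    printf("enc_part check accepts:    %d\n", sname_ok_enc_part(&mismatched, &requested));
    return 0;
}
```
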

@nicowilliams nicowilliams released this Apr 13, 2017 · 264 commits to master since this release

This is the Heimdal 7.3 security release.

This release addresses CVE-2017-6594. See the NEWS file for details.

@nicowilliams nicowilliams released this Dec 15, 2016 · 264 commits to master since this release

This is rc3 for 7.1. This fixes make dist issues in rc2:

  • Doxygen issues
  • missing files

@nicowilliams nicowilliams released this Dec 14, 2016 · 264 commits to master since this release

Use the first two download links below, not the github-generated archive links labeled Source code.

Nov 29, 2016
Heimdal 7.1 rc1

@nicowilliams nicowilliams released this Nov 29, 2016 · 264 commits to master since this release

This is the Heimdal 7.0.1 release, a release candidate for 7.1.

Feb 18, 2014
update copyright year