Release Notes - Heimdal - Version Heimdal 1.5.2
Security fixes
- CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
- Check that key types strictly match - denial of service
Release Notes - Heimdal - Version Heimdal 1.5.1
Bug fixes
- Fix building on Solaris, requires c99
- Fix building on Windows
- Build system updates
Release Notes - Heimdal - Version Heimdal 1.5
New features
- Support GSS name extensions/attributes
- SHA512 support
- No Kerberos 4 support
- Basic support for MIT Admin protocol (SECGSS flavor)
in kadmind (extract keytab)
- Replace editline with libedit
New features
* Support for reading MIT database file directly
* KCM is polished up and now used in production
* NTLM first class citizen, credentials stored in KCM
* Table driven ASN.1 compiler, smaller!, not enabled by default
* Native Windows client support
Notes
* Disabled write support NDBM hdb backend (read still in there) since
it can't handle large records, please migrate to a diffrent backend
(like BDB4)
Changes 1.3.3:
Bug fixes
* Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
* Check NULL pointers before dereference them [kdc]
Changes 1.3.2:
Bug fixes
* Don't mix length when clearing hmac (could memset too much)
* More paranoid underrun checking when decrypting packets
* Check the password change requests and refuse to answer empty packets
* Build on OpenSolaris
* Renumber AD-SIGNED-TICKET since it was stolen from US
* Don't cache /dev/*random file descriptor, it doesn't get unloaded
* Make C++ safe
* Misc warnings
