=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN470
_____________________________________________________________________

DATE                      : 28/08/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running MIT Kerberos 5.

======================================================================
http://mailman.mit.edu/pipermail/kerberos-announce/2006q3/000059.html
http://mailman.mit.edu/pipermail/kerberos-announce/2006q3/000058.html
http://mailman.mit.edu/pipermail/kerberos-announce/2006q3/000056.html

----------------------------------------------------------------------

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.4.4.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.4.4
===================================

You may retrieve the Kerberos 5 Release 1.4.4 source from the
following URL:

         http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.4.4 release is:

         http://web.mit.edu/kerberos/krb5-1.4/

Further information about Kerberos 5 may be found at the following
URL:

         http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

The only significant change in krb5-1.4.4 is to fix the security
vulnerabilities decribed in MITKRB5-SA-2006-001, which are local
privilege escalation vulnerabilities in applications running on Linux
and AIX.


-------------------------------------------------------------------------
2.

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.5.1.  Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.5.1
===================================

You may retrieve the Kerberos 5 Release 1.5.1 source from the
following URL:

         http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5.1 release is:

         http://web.mit.edu/kerberos/krb5-1.5/

Further information about Kerberos 5 may be found at the following
URL:

         http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

The only significant change in krb5-1.5.1 is to fix the security
vulnerabilities decribed in MITKRB5-SA-2006-001, which are local
privilege escalation vulnerabilities in applications running on Linux
and AIX.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================