Sat, 28 Feb 2026 03:27:37 UTC | login

Information for build krb5-1.21.3-8.el10_0

ID4551
Package Namekrb5
Version1.21.3
Release8.el10_0
Epoch
DraftFalse
SummaryThe Kerberos network authentication system
DescriptionKerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form.
Built bykojiadmin
State complete
Volume DEFAULT
StartedTue, 17 Feb 2026 16:49:49 UTC
CompletedTue, 17 Feb 2026 16:49:49 UTC
Tags
almalinux-10.0
v9.0-incoming
RPMs
src
krb5-1.21.3-8.el10_0.src.rpm (info) (download)
x86_64_v2
krb5-libs-1.21.3-8.el10_0.x86_64_v2.rpm (info) (download)
Changelog * Mon Apr 28 2025 Julien Rische <jrische@redhat.com> - 1.21.3-8 - Do not block HMAC-MD4/5 in FIPS mode Resolves: RHEL-88705 - Don't issue RC4 session keys by default (CVE-2025-3576) Resolves: RHEL-88047 - Add PKINIT paChecksum2 from MS-PKCA v20230920 Resolves: RHEL-74295 * Wed Jan 29 2025 Julien Rische <jrische@redhat.com> - 1.21.3-7 - Prevent overflow when calculating ulog block size (CVE-2025-24528) Resolves: RHEL-76758 * Fri Jan 17 2025 Julien Rische <jrische@redhat.com> - 1.21.3-6 - Support PKCS11 EC client certs in PKINIT Resolves: RHEL-74373 - kdb5_util: fix DB entry flags on modification Resolves: RHEL-56058 - Add ECDH support for PKINIT (RFC5349) Resolves: RHEL-71881 * Mon Nov 04 2024 Julien Rische <jrische@redhat.com> - 1.21.3-5 - Make test dependencies optional if not part of CentOS/RHEL 10 Resolves: RHEL-65724 * Wed Oct 30 2024 Julien Rische <jrische@redhat.com> - 1.21.3-4 - libkrad: implement support for Message-Authenticator (CVE-2024-3596) Resolves: RHEL-55427 - Fix various issues detected by static analysis Resolves: RHEL-45165 - Remove RSA protocol for PKINIT Resolves: RHEL-56070 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.21.3-3 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 * Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-2 - Do not include files with "~" termination in krb5-tests Resolves: RHEL-45995 * Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-1 - New upstream version (1.21.3) - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message token handling Resolves: RHEL-45387 RHEL-45378 - Fix memory leak in GSSAPI interface Resolves: RHEL-47284 - Fix memory leak in PMAP RPC interface Resolves: RHEL-47287 - Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC Resolves: RHEL-47285 - Make TCP waiting time configurable Resolves: RHEL-47278 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.21.2-7 - Bump release for June 2024 mass rebuild * Wed Jun 19 2024 Julien Rische <jrische@redhat.com> - 1.21.2-6 - Add missing SPDX license identifiers Resolves: RHEL-44383 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jan 17 2024 Julien Rische <jrische@redhat.com> - 1.21.2-3 - Fix double free in klist's show_ccache() Resolves: rhbz#2257301 - Store krb5-tests files in architecture-specific directories Resolves: rhbz#2244601 * Tue Oct 10 2023 Julien Rische <jrische@redhat.com> - 1.21.2-2 - Use SPDX expression for license tag - Fix unimportant memory leaks Resolves: rhbz#2223274 * Wed Aug 16 2023 Julien Rische <jrische@redhat.com> - 1.21.2-1 - New upstream version (1.21.2) - Fix double-free in KDC TGS processing (CVE-2023-39975) Resolves: rhbz#2229113 - Make tests compatible with Python 3.12 Resolves: rhbz#2224013 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.21-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jun 29 2023 Marek Blaha <mblaha@redhat.com> - 1.21-2 - Replace file dependency with package name Resolves: rhbz#2216903 * Mon Jun 12 2023 Julien Rische <jrische@redhat.com> - 1.21-1 - New upstream version (1.21) - Do not disable PKINIT if some of the well-known DH groups are unavailable Resolves: rhbz#2214297 - Make PKINIT CMS SHA-1 signature verification available in FIPS mode Resolves: rhbz#2214300 - Allow to set PAC ticket signature as optional Resolves: rhbz#2181311 - Add support for MS-PAC extended KDC signature (CVE-2022-37967) Resolves: rhbz#2166001 - Fix syntax error in aclocal.m4 Resolves: rhbz#2143306