[19698] in Kerberos_V5_Development
Is the vulnerability CVE-2017-11462 applicable to older MIT
daemon@ATHENA.MIT.EDU (Sergey Emantayev)
Sun Dec 3 05:11:19 2017
Date: Sun, 3 Dec 2017 10:10:53 +0000 (UTC)
From: Sergey Emantayev <sergeem@yahoo.com>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Message-ID: <2137567410.584623.1512295853265@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi,
We're using a 3rd party software integrated with the MIT Kerberos 5 library version 1.9.1. This is used to communicate to MS Active Directory in Linux. I found a fix is available for the latest versions 1.13, 1.14, 1.15: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598. However should we apply (back port) the fix to our library 1.9.1? I know that they made few patches in the original MIT Kerberos code, I'm in doubt about an upgrade option.
Thanks,
Sergey Emantayev
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev