February 2020 Russ Allbery > Eagle's Path May 2020 >

Posts for March 2020

Syndication

RSS All posts
 RSS Only reviews
 RSS Only software releases
 RSS Debian-focused
 RSS Web site changes
 DW: eaglespath_feed

Comments

This journal does not support comments. Read why.

Archives

Book and magazine reviews are not included in the journal archives. For older book reviews, see all book reviews sorted by date and all magazine reviews.

2024: 01

2023: 01 02 03 04 05 06 07 08 09 10 11 12

2022: 01 02 03 04 05 06 07 08 09 10 11 12

2021: 01 02 03 04 05 06 07 08 09 10 11 12

2020: 01 02 03 04 05 06 07 08 09 10 11 12

2019: 01 02 03 04 05 06 07 08 09 10 11 12

2018: 01 02 03 04 05 06 07 08 09 10 11 12

2017: 01 02 03 04 05 06 07 08 09 10 11 12

2016: 01 02 03 04 05 06 07 08 09 10 11 12

2015: 01 02 03 04 05 06 07 08 09 10 11 12

2014: 01 02 03 04 05 06 07 08 09 10 11 12

2013: 01 02 03 04 05 06 07 08 09 10 11 12

2012: 01 02 03 04 05 06 07 08 09 10 11 12

2011: 01 02 03 04 05 06 07 08 09 10 11 12

2010: 01 02 03 04 05 06 07 08 09 10 11 12

2009: 01 02 03 04 05 06 07 08 09 10 11 12

2008: 01 02 03 04 05 06 07 08 09 10 11 12

2007: 01 02 03 04 05 06 07 08 09 10 11 12

2006: 01 02 03 04 05 06 07 08 09 10 11 12

2005: 01 02 03 04 05 06 07 08 09 10 11 12

2004: 01 02 03 04 05 06 07 08 09 10 11 12

2003: 03 04 05 06 07 08 09 10 11 12

Other Book Reviews

Light Reads
James Davis Nicoll
Martin's Booklog
Outside of a Dog
rushthatspeaks
Salon Futura
Susan Stepney
Tor.com
Weasel Words

Fiction Authors

Elizabeth Bear
Steven Brust
Nicola Griffith
David Langford
Yoon Ha Lee
N.K. Jemisin
Rosemary Kirstein
Sarah Monette
Lyda Morehouse
John Scalzi
Karl Schroeder
Ursula Vernon

Social Commentary

Ask A Manager
Camestros Felapton
Captain Awkward
DNA Lounge
Camestros Felapton
Lowering the Bar
Cal Newport
James Nicoll
Anne Helen Petersen
Slacktivist (Fred Clark)
Adam Tooze
Jamie Zawinski

Technology and Science

Eye on the Storm
Linux Weekly News
Dan Luu
Bruce Schneier

Comics

Penny Arcade
XKCD
XKCD What If?

2020-03-30: pam-krb5 4.9

This is a security release fixing a one-byte buffer overflow when relaying prompts from the underlying Kerberos library. All users of my pam-krb5 module should upgrade as soon as possible. See the security advisory for more information.

There are also a couple more minor security improvements in this release: The module now rejects passwords as long or longer than PAM_MAX_RESP_SIZE (normally 512 octets) since they can be a denial of service attack via the Kerberos string-to-key function, and uses explicit_bzero where available to clear passwords before releasing memory.

Also in this release, use_pkinit is now supported with MIT Kerberos, the Kerberos prompter function returns more accurate error messages, I fixed an edge-case memory leak in pam_chauthtok, and the module/basic test will run properly with a system krb5.conf file that doesn't specify a realm.

You can get the latest release from the pam-krb5 distribution page. I've also uploaded the new version to Debian unstable and patched security releases with only the security fix to Debian stable and oldstable.

2020-03-30 19:34 — Permanent link

February 2020 Russ Allbery > Eagle's Path May 2020 >
Last spun 2024-01-01 from thread modified 2020-03-31