===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -c -r1.9 -r1.10
*** www/errata34.html 2004/05/20 21:05:59 1.9
--- www/errata34.html 2004/05/30 22:40:51 1.10
***************
*** 56,61 ****
--- 56,77 ----
All architectures
+ -
+ 022: SECURITY FIX: May 30,
+ 2004
+ A flaw in the Kerberos V kdc(8)
+ server could result in the administrator of a Kerberos realm having
+ the ability to impersonate any principal in any other realm which
+ has established a cross-realm trust with their realm. The flaw is due to
+ inadequate checking of the "transited" field in a Kerberos request. For
+ more details see
+ Heimdal's announcement.
+
+
+ A source code patch exists which remedies this problem.
+
-
021: SECURITY FIX: May 20,
2004
***************
*** 356,362 ****
www@openbsd.org
!
$OpenBSD: errata34.html,v 1.9 2004/05/20 21:05:59 otto Exp $