===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- www/errata34.html 2004/05/20 21:05:59 1.9
+++ www/errata34.html 2004/05/30 22:40:51 1.10
@@ -56,6 +56,22 @@
All architectures
+-
+022: SECURITY FIX: May 30,
+2004
+A flaw in the Kerberos V kdc(8)
+server could result in the administrator of a Kerberos realm having
+the ability to impersonate any principal in any other realm which
+has established a cross-realm trust with their realm. The flaw is due to
+inadequate checking of the "transited" field in a Kerberos request. For
+more details see
+Heimdal's announcement.
+
+
+A source code patch exists which remedies this problem.
+
-
021: SECURITY FIX: May 20,
2004
@@ -356,7 +372,7 @@
www@openbsd.org
-
$OpenBSD: errata34.html,v 1.9 2004/05/20 21:05:59 otto Exp $
+
$OpenBSD: errata34.html,v 1.10 2004/05/30 22:40:51 beck Exp $