From owner-freebsd-security@FreeBSD.ORG Sun Jun 6 17:10:10 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 410C5106564A for ; Sun, 6 Jun 2010 17:10:10 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: from mail-ww0-f54.google.com (mail-ww0-f54.google.com [74.125.82.54]) by mx1.freebsd.org (Postfix) with ESMTP id CE7058FC0C for ; Sun, 6 Jun 2010 17:10:08 +0000 (UTC) Received: by wwb22 with SMTP id 22so2703227wwb.13 for ; Sun, 06 Jun 2010 10:10:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:reply-to:date :message-id:subject:from:to:content-type; bh=J4D9cENPt8MpF3/xtVwq6VwHerxHZhONWPn02J7HV8M=; b=dLq1TR+FXleHpWRakKBnd5/np+0lY3YfpfYtRX1fafInBIXzkcg1RqJrSgZhoA2ROT x1S5MRkLU6Qvk5/1487iHDbtMEK/jaFI/39EccplYiExF0AyCHiz/4xtafNRezEr8X4G 9RZztAhF9eMHvSLqN+lJiOra9F0UbDn+mLias= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:reply-to:date:message-id:subject:from:to:content-type; b=YbFd1VFKwauvl0zj6+d1dOCNs9k53WdCtUzHeNaCYRB/gHMshwZ2Qfi+mAE0cfAeAy cJGproyYeCVn+XgD7aC7ssQjgqdXeaBj3aT8r1txNPmZEQsqGZAh9X4oiB/jzhIrbPgL kTBfFQz9/LRjQ8c0zp+20ozVPMkRe7W+kkZR4= MIME-Version: 1.0 Received: by 10.216.93.2 with SMTP id k2mr1504906wef.56.1275842519840; Sun, 06 Jun 2010 09:41:59 -0700 (PDT) Received: by 10.216.183.5 with HTTP; Sun, 6 Jun 2010 09:41:59 -0700 (PDT) Date: Sun, 6 Jun 2010 16:41:59 +0000 Message-ID: From: "b. f." To: freebsd-current@freebsd.org, freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Mailman-Approved-At: Sun, 06 Jun 2010 17:55:44 +0000 Cc: Subject: Our aging base system heimdal X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bf1783@gmail.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jun 2010 17:10:10 -0000 Is anybody planning to update the base system heimdal, which has been largely untouched since May 2008? In addition to the many other bug-fixes and improvements in the current version 1.3.3 (see, for example: http://www.h5l.org/releases.html ), there are patches for heimdal vulnerabilities 2010-05-27 and 2010-03-21 (CVE-2010-1321), which are described at: http://www.h5l.org/advisories.html Others have mentioned that they have problems using our base system heimdal -- problems that cannot be easily circumvented by rebuilding WITHOUT_KERBEROS, and using security/krb5 (security/heimdal is badly outdated), because this leaves various dependent base system utilities behind, if they are not modified. Regards, b.