Kerberos Versions
Would someone do a blog like Darren Moffat's that explains Kerberos versioning?
https://blogs.oracle.com/darren/en_GB/entry/openssl_versions_in_solaris
It seems like Kerberos has been stuck on an old version for a very long time, but I just heard that it was synched up with 1.8 for Solaris 10 and CVEs 2012-1012, 1014, and 1015 do not apply. Yet Retina keeps hitting on these CVEs because it does a version check using krb5-config -version. eEye won't fix their code until there is some kind of public post that states Solaris is not affected by these CVEs. Can anyone help?