Synopsis: Moderate: krb5 security, bug fix, and enhancement update Advisory ID: SLSA-2018:0666-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-11368 CVE-2017-7562 -- Security Fix(es): * krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562) * krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368) Additional Changes: -- SL7 x86_64 krb5-debuginfo-1.15.1-18.el7.i686.rpm krb5-debuginfo-1.15.1-18.el7.x86_64.rpm krb5-libs-1.15.1-18.el7.i686.rpm krb5-libs-1.15.1-18.el7.x86_64.rpm krb5-pkinit-1.15.1-18.el7.x86_64.rpm krb5-workstation-1.15.1-18.el7.x86_64.rpm libkadm5-1.15.1-18.el7.i686.rpm libkadm5-1.15.1-18.el7.x86_64.rpm krb5-devel-1.15.1-18.el7.i686.rpm krb5-devel-1.15.1-18.el7.x86_64.rpm krb5-server-1.15.1-18.el7.x86_64.rpm krb5-server-ldap-1.15.1-18.el7.x86_64.rpm - Scientific Linux Development Team