Search Mailing List Archives
WebAuth 4.3.3 released
eagle at windlord.stanford.edu
Mon Nov 5 13:40:00 PST 2012
The ITS WebAuth team is chagrined to announce Stanford WebAuth 4.3.3.
This is a bug-fix release for the WebKDC and WebLogin services, correcting
two memory management errors. One of those errors may theoretically be
exploitable, so all users of mod_webkdc or the WebLogin service (or the
underlying WebAuth Perl module) from WebAuth 4.2.0 or later should upgrade
to this release.
For documentation and downloads of WebAuth 4.3.3, see:
New Debian packages built against Apache 2.4 have been uploaded to Debian
The user-visible changes in this release are:
* Fix a memory initialization issue in the WebKDC that could cause
incorrect handling of random multifactor verification, including
requiring random multifactor when the WebAuth Application Server didn't
* Fix a memory allocation error in the WebAuth Perl module that could
cause memory corruption in the WebLogin server.
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University
More information about the webauth-announce