Skip navigation

STANFORD UNIVERSITY

INFORMATION TECHNOLOGY SERVICES

WebAuth 4.3.3 Announcement

The ITS WebAuth team is chagrined to announce Stanford WebAuth 4.3.3. This is a bug-fix release for the WebKDC and WebLogin services, correcting two memory management errors. One of those errors may theoretically be exploitable, so all users of mod_webkdc or the WebLogin service (or the underlying WebAuth Perl module) from WebAuth 4.2.0 or later should upgrade to this release.

For documentation and downloads of WebAuth 4.3.3, see:

<http://webauth.stanford.edu/>

New Debian packages built against Apache 2.4 have been uploaded to Debian experimental.

The user-visible changes in this release are:

  • Fix a memory initialization issue in the WebKDC that could cause incorrect handling of random multifactor verification, including requiring random multifactor when the WebAuth Application Server didn't request it.

  • Fix a memory allocation error in the WebAuth Perl module that could cause memory corruption in the WebLogin server.

Last modified Friday, 12-Dec-2014 02:31:13 PM

Stanford University Home Page