Fixing a Kerberos vulnerability with the bare necessities
- Track: Identity and Access Management devroom
- Room: K.3.401
- Day: Sunday
- Start: 14:30
- End: 14:55
- Video only: k3401
Fixing vulnerabilities on long-term support distributions can be a challenging task. Constraints such as protocol compatibility or ABI stability often get in the way of backporting security fixes. When a fix is simply incompatible with an older OS version, designing a new one that takes advantage of the limited processes and data available might be required.
I will illustrate this with the case of the Bronze-Bit Kerberos vulnerability, which affected FreeIPA and couldn't be fixed the expected way on CentOS 8 Stream and RHEL 8.
Speakers
Julien Rische