"Fixing a Kerberos vulnerability with the bare necessities" (2024)

Sunday at 14:30, 25 minutes, K.3.401, Identity and Access Management devroom. Julien Rische, slides, video

Fixing vulnerabilities on long-term-support distributions can be a challenging task. Constraints such as protocol compatibility or ABI stability often get in the way of backporting security fixes. When the upstream fix is simply incompatible with an older OS version, it may be necessary to design a new one that works within the limited processes and data available on that version.

I will illustrate this with the case of the Bronze Bit Kerberos vulnerability (CVE-2020-17049), a flaw in the handling of the forwardable flag on service tickets used for constrained delegation, which affected FreeIPA and could not be fixed in the expected way on CentOS Stream 8 and RHEL 8.