Change log for krb5 package in Ubuntu

175 of 251 results
Published in oracular-proposed
Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: moved to release)
krb5 (1.20.1-6ubuntu2) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 07:42:10 +0000

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
krb5 (1.20.1-6ubuntu1) noble; urgency=medium

  * Fix tests with Python 3.12.

 -- Matthias Klose <email address hidden>  Sun, 24 Mar 2024 12:51:41 +0100
Superseded in noble-proposed
krb5 (1.20.1-5.1ubuntu1) noble; urgency=medium

  * d/control: Change the krb5-kdc dependencies to use t64-suffixed libraries.

 -- Zixing Liu <email address hidden>  Thu, 21 Mar 2024 14:02:29 -0600
Superseded in noble-proposed
krb5 (1.20.1-5.1build3) noble; urgency=medium

  * No-change rebuild against libcom-err2

 -- Steve Langasek <email address hidden>  Tue, 12 Mar 2024 20:33:15 +0000
Superseded in noble-proposed
krb5 (1.20.1-6) unstable; urgency=medium

  * Fix up libverto1*->libverto1*t64, Closes: #1065702

 -- Sam Hartman <email address hidden>  Sun, 10 Mar 2024 19:36:33 -0600
Superseded in noble-proposed
krb5 (1.20.1-5.1build2) noble; urgency=medium

  * No-change rebuild for soname changes in dependencies.
  * Disable tests for a first build.

 -- Matthias Klose <email address hidden>  Mon, 04 Mar 2024 12:31:39 +0100
Superseded in noble-proposed
krb5 (1.20.1-5.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1064164

 -- Lukas Märdian <email address hidden>  Wed, 28 Feb 2024 15:25:37 +0000
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
krb5 (1.20.1-5build1) noble; urgency=medium

  * Rebuild against 'armhf -fstack-clash-protection breakage rebuild
    with fixed dpkg'.

 -- Gianfranco Costamagna <email address hidden>  Fri, 24 Nov 2023 07:50:57 +0100
Published in lunar-updates
Published in lunar-security
krb5 (1.20.1-1ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: freeing of uninitialized memory
    - debian/patches/CVE-2023-36054.patch: ensure array count consistency in
      kadm5 RPC.
    - CVE-2023-36054

 -- Camila Camargo de Matos <email address hidden>  Tue, 24 Oct 2023 14:00:59 -0300
Published in jammy-updates
Published in jammy-security
krb5 (1.19.2-2ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: freeing of uninitialized memory
    - debian/patches/CVE-2023-36054.patch: ensure array count consistency in
      kadm5 RPC.
    - CVE-2023-36054

 -- Camila Camargo de Matos <email address hidden>  Tue, 24 Oct 2023 13:59:06 -0300
Published in focal-updates
Published in focal-security
krb5 (1.17-6ubuntu4.4) focal-security; urgency=medium

  * SECURITY UPDATE: freeing of uninitialized memory
    - debian/patches/CVE-2023-36054.patch: ensure array count consistency in
      kadm5 RPC.
    - CVE-2023-36054

 -- Camila Camargo de Matos <email address hidden>  Tue, 24 Oct 2023 13:53:43 -0300
Superseded in noble-proposed
krb5 (1.20.1-5) unstable; urgency=medium

  [ Helmut Grohne ]
  * Annotate test dependencies <!nocheck>. (Closes: #1054461)

  [ Sam Hartman ]
  * Fix keyutils to be linux-any

 -- Helmut Grohne <email address hidden>  Tue, 24 Oct 2023 07:17:27 +0200
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
krb5 (1.20.1-3ubuntu1) mantic; urgency=medium

  * Make krb5int_strl(cat|copy) optional symbols, since they are not needed
    when built against glibc 2.38.  Closes: #1043184.
  * Declare Breaks: against older packages using these symbols.
  * Make dependencies on libkrb5support0 strict to avoid future symbol skew.

 -- Steve Langasek <email address hidden>  Thu, 24 Aug 2023 18:07:33 +0000
Superseded in mantic-proposed
krb5 (1.20.1-3) unstable; urgency=high

  * Fixes CVE-2023-36054: a remote authenticated attacker can cause
    kadmind to free an uninitialized pointer.  Upstream believes remote
    code execution is unlikely, Closes: #1043431

 -- Sam Hartman <email address hidden>  Mon, 14 Aug 2023 14:06:53 -0600

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
krb5 (1.20.1-2) unstable; urgency=medium

  * Tighten dependencies on libkrb5support0.  This means that the entire
    upgrade from bullseye to bookworm needs to be lockstep, but it appears
    that's what is required, Closes: #1036055
  

 -- Sam Hartman <email address hidden>  Mon, 15 May 2023 17:44:41 -0600
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
krb5 (1.19.2-2ubuntu0.2) jammy; urgency=medium

  * d/kdc.conf: Do not specify master key type to avoid weak crypto for
    new realms. Existing realms will not be changed. (LP: #1981697)

 -- Andreas Hasenack <email address hidden>  Thu, 06 Apr 2023 19:21:06 -0300
Published in bionic-updates
Published in bionic-security
krb5 (1.16-2ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference issue
    - debian/patches/CVE-2021-36222.patch: Fix KDC null deref on bad
      encrypted challenge
    - debian/patches/CVE-2021-37750.patch: Fix KDC null deref on TGS inner
      body null server
    - CVE-2021-36222
    - CVE-2021-37750

 -- Nishit Majithia <email address hidden>  Wed, 15 Mar 2023 19:38:38 +0530
Superseded in focal-updates
Superseded in focal-security
krb5 (1.17-6ubuntu4.3) focal-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference issue
    - debian/patches/CVE-2021-36222.patch: Fix KDC null deref on bad
      encrypted challenge
    - debian/patches/CVE-2021-37750.patch: Fix KDC null deref on TGS inner
      body null server
    - CVE-2021-36222
    - CVE-2021-37750

 -- Nishit Majithia <email address hidden>  Wed, 15 Mar 2023 19:47:40 +0530
Superseded in bionic-updates
Superseded in bionic-security
krb5 (1.16-2ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898
  * SECURITY UPDATE: DoS (crash) the KDC by making an S4U2Self request
    - debian/patches/CVE-2018-20217-1.patch: Ignore password attributes for
      S4U2Self requests.
    - debian/patches/CVE-2018-20217-2.patch: remove incorrect KDC assertion.
    - CVE-2018-20217

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 20 Jan 2023 07:37:35 -0300
Superseded in focal-updates
Superseded in focal-security
krb5 (1.17-6ubuntu4.2) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 20 Jan 2023 08:14:35 -0300
Superseded in jammy-updates
Superseded in jammy-security
krb5 (1.19.2-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 20 Jan 2023 08:34:37 -0300
Obsolete in kinetic-updates
Obsolete in kinetic-security
krb5 (1.20-1ubuntu0.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 20 Jan 2023 09:03:36 -0300
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
krb5 (1.20.1-1build1) lunar; urgency=medium

  * No-change rebuild against libldap-2

 -- Steve Langasek <email address hidden>  Thu, 15 Dec 2022 19:49:24 +0000
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
krb5 (1.20.1-1) unstable; urgency=high

  [ Bastian Germann ]
  * Sync debian/copyright with NOTICE from upstream

  [ Debian Janitor ]
  * Trim trailing whitespace.
  * Strip unusual field spacing from debian/control.
  * Use secure URI in Homepage field.
  * Merge upstream signing key files.
  * Update renamed lintian tag names in lintian overrides.
  * Update standards version to 4.6.1, no changes needed.
  * Remove field Section on binary package krb5-gss-samples that
    duplicates source.
  * Fix field name cases in debian/control (VCS-Browser => Vcs-Browser,
    VCS-Git => Vcs-Git).

  [ Sam Hartman ]
  * New upstream release
    - Integer overflows in PAC parsing; potentially critical for 32-bit
      KDCs or when cross-realm acts maliciously; DOS in other conditions;
      CVE-2022-42898, Closes: #1024267
  * Tighten version dependencies around crypto library, Closes: 1020424
  * krb5-user recommends rather than Depends on krb5-config.  This avoids
    a hard dependency on bind9-host, but also supports cases where
    krb5-config is externally managed, Closes: #1005821

 -- Sam Hartman <email address hidden>  Thu, 17 Nov 2022 10:34:28 -0700

Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
krb5 (1.20-1) unstable; urgency=medium

  * New Upstream Version
  * Do not specify master key type to avoid weak crypto, Closes: #1009927

 -- Sam Hartman <email address hidden>  Fri, 22 Jul 2022 16:32:38 -0600

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
krb5 (1.19.2-2) unstable; urgency=medium

  * Standards version 4.6.0; no change
  * kpropd: run after network.target, Closes: #948820
  * krb5-kdc: Remove /var from PidFile, Closes: #982009

 -- Sam Hartman <email address hidden>  Mon, 21 Feb 2022 13:05:20 -0700

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
krb5 (1.19.2-1) experimental; urgency=medium

  * New Upstream version
  * Include patch to work with OpenSSL 3.0, Closes: #995152
  * Depend on tex-gyre, Closes: #997407
    
 -- Sam Hartman <email address hidden>  Wed, 27 Oct 2021 14:04:42 -0600
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
krb5 (1.19.2-0ubuntu1) jammy; urgency=medium

  [ Sam Hartman ]
  * New Upstream version
  * Depend on tex-gyre, Closes: #997407

  [ Simon Chopin ]
  * d/p/0012-Fix-softpkcs11-build-issues-with-openssl-3.0.patch:
    Cherry-picked from upstream master to fix OpenSSL3 build.
    Closes: #995152, LP: #1945795

 -- Simon Chopin <email address hidden>  Tue, 30 Nov 2021 10:54:17 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
krb5 (1.18.3-7) unstable; urgency=medium

  * Fix KDC null dereference crash on FAST request with no server field,
    CVE-2021-37750, Closes: #992607
  * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140
  * Add javascript libraries for docs, thanks Andreas Beckmann, Closes: #988743
  * Drop build-dependency on libncurses5-dev which hasn't been needed
    since krb5-appl was removed, Closes: #981161

 -- Sam Hartman <email address hidden>  Fri, 27 Aug 2021 08:13:47 -0600

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
krb5 (1.18.3-6) unstable; urgency=high

  * Pull in upstream patch to fix CVE-2021-36222 (KDC NULL dereference),
    Closes: #991365

 -- Benjamin Kaduk <email address hidden>  Wed, 21 Jul 2021 11:07:07 -0700
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
krb5 (1.18.3-5build1) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <email address hidden>  Mon, 21 Jun 2021 17:49:26 -0400
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
krb5 (1.18.3-5) unstable; urgency=medium

  * Update breaks on libk5crypto3 toward other internal libraries because
    of removed internal symbols, Closes: #985739

 -- Sam Hartman <email address hidden>  Sun, 28 Mar 2021 13:43:01 -0400

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
krb5 (1.18.3-4) unstable; urgency=medium


  * Sigh, either use <= with the old version in the
    libapache-mod-auth-kerb constraint or << with the new version.  <=
    with the new version is no good.  (used <= with the old version)

 -- Sam Hartman <email address hidden>  Mon, 23 Nov 2020 11:53:02 -0500
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
krb5 (1.17-10ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: Unbounded recursion
    - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
      indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
    - CVE-2020-28196

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 11 Nov 2020 11:22:12 -0300
Obsolete in groovy-updates
Obsolete in groovy-security
krb5 (1.17-10ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Unbounded recursion
    - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
      indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
    - CVE-2020-28196

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 11 Nov 2020 11:22:52 -0300
Superseded in bionic-updates
Superseded in bionic-security
krb5 (1.16-2ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Unbounded recursion
    - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
      indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
    - CVE-2020-28196

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 11 Nov 2020 11:23:49 -0300
Published in xenial-updates
Published in xenial-security
krb5 (1.13.2+dfsg-5ubuntu2.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Unbounded recursion
    - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
      indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
    - CVE-2020-28196

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 11 Nov 2020 11:24:12 -0300
Superseded in focal-updates
Superseded in focal-security
krb5 (1.17-6ubuntu4.1) focal-security; urgency=medium

  * SECURITY UPDATE: Unbounded recursion
    - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
      indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
    - CVE-2020-28196

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 11 Nov 2020 11:23:12 -0300
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
krb5 (1.17-10) unstable; urgency=low

  * Also set localstatedir to be consistent with old builds, Closes: #962522
  * Include journalctl dump from krb5kdc tests so we can figure out why ppc tests are breaking.

 -- Sam Hartman <email address hidden>  Tue, 09 Jun 2020 09:52:34 -0400
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
krb5 (1.17-6ubuntu4) focal; urgency=medium

  * No-change rebuild with fixed binutils on arm64.

 -- Matthias Klose <email address hidden>  Sat, 08 Feb 2020 11:05:44 +0000

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
krb5 (1.17-6ubuntu3) focal; urgency=medium

  * d/p/1000-doc-tools-py3.patch, d/rules, d/control: use python3 for
    doc building (LP: #1858496)

 -- Andreas Hasenack <email address hidden>  Thu, 09 Jan 2020 11:11:49 -0300
Superseded in focal-proposed
krb5 (1.17-6ubuntu2) focal; urgency=medium

  * Build-depend on python2.

 -- Dimitri John Ledkov <email address hidden>  Thu, 09 Jan 2020 03:08:25 +0000

Superseded in focal-proposed
krb5 (1.17-6ubuntu1) focal; urgency=medium

  * d/control: add "Multi-Arch: foreign" to allow krb5-doc to be used as
    a dependency of architecture-dependent packages. In particular, this
    lets krb5-doc:i386 be installed on an amd64 host. See
    https://lists.ubuntu.com/archives/ubuntu-devel/2019-December/040859.html
    for details.

 -- Andreas Hasenack <email address hidden>  Mon, 06 Jan 2020 16:24:39 -0300

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
krb5 (1.17-6) unstable; urgency=medium

  * Stop depending on texlive-generic-extra, which is no longer built,
    Closes: #933286

 -- Sam Hartman <email address hidden>  Thu, 01 Aug 2019 14:15:13 -0400

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
krb5 (1.17-5) unstable; urgency=high

  * Upstream patch to filter invalid enctypes when nfs calls to indicate
    which enctypes it supports, Closes: #932000
  * Do not error out if a keytab includes a single-des enctype, Closes:
    #932132

 -- Sam Hartman <email address hidden>  Wed, 17 Jul 2019 09:20:27 -0400

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
krb5 (1.17-4) unstable; urgency=low

  * Remove single DES support entirely; it has been deprecated for a
    number of years and is going away in 1.18.  We want to find out now
    any debian problems.
  * Migrate from git-dpm to git-debrebase; it truly is better.  Thanks Ian.
  * Add a krb5-user.news for single DES going away
  * Remove the old news file across all packages

 -- Sam Hartman <email address hidden>  Mon, 08 Jul 2019 22:04:39 -0400

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
krb5 (1.17-3) unstable; urgency=medium

  * Fix memory leak in replay cache type none
  * Merge in two upstream documentation changes

 -- Sam Hartman <email address hidden>  Tue, 18 Jun 2019 08:00:29 -0400

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
krb5 (1.17-2) unstable; urgency=medium

  * Finish removing the run kadmind debconf template which was obsoleted
    when the systemd units were installed, LP: #1817376

 -- Sam Hartman <email address hidden>  Mon, 25 Feb 2019 13:55:57 -0500

Obsolete in cosmic-updates
Obsolete in cosmic-security
krb5 (1.16-2ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden>  Fri, 11 Jan 2019 13:49:38 -0200
Superseded in bionic-updates
Superseded in bionic-security
krb5 (1.16-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden>  Fri, 11 Jan 2019 13:48:01 -0200
Superseded in xenial-updates
Superseded in xenial-security
krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden>  Fri, 11 Jan 2019 13:46:00 -0200
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
krb5 (1.17-1) unstable; urgency=low

  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

 -- Sam Hartman <email address hidden>  Sun, 13 Jan 2019 15:59:40 -0500

Published in trusty-updates
Published in trusty-security
krb5 (1.12+dfsg-2ubuntu5.4) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden>  Wed, 09 Jan 2019 14:01:22 -0200
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
krb5 (1.16.2-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/changelog: Remove trailing whitespaces
  * d/control: Remove trailing whitespaces
  * d/rules: Remove trailing whitespaces


  [ Sam Hartman ]
  * New Upstream version, Closes: #915780
  * CVE-2018-20217: Incorrect KDC assertion leading to denial of service,
    Closes: #917387
  * Fix typo in tests

 -- Sam Hartman <email address hidden>  Mon, 31 Dec 2018 15:25:16 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
krb5 (1.16.1-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable.
  * Dropped:
    - Add DEP8 tests (LP #1677881):
      + d/t/util: common functions used in the tests
      + d/t/control, d/t/kinit: simple kinit test
      + d/t/control, d/t/slapd-gssapi: DEP8 test for service principals
      [Adopted in 1.16.1-1]
  * Added:
    - d/t/util: fix typo

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
krb5 (1.16-2ubuntu1) cosmic; urgency=medium

  * Add DEP8 tests (LP: #1677881):
    - d/t/util: common functions used in the tests
    - d/t/control, d/t/kinit: simple kinit test
    - d/t/control, d/t/slapd-gssapi: DEP8 test for service principals

 -- Andreas Hasenack <email address hidden>  Fri, 06 Jul 2018 15:39:44 -0300

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
krb5 (1.16-2build1) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 16:50:17 +0000

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
krb5 (1.16-2) unstable; urgency=medium

  * Update location of packaging GIT repository
  * krb5-config was incorrectly changed to include the multiarch triple
    in include paths.  However, our include files are not architecture
    specific; fix krb5-config to not include a multiarch triple in
    include paths, Closes: #887810

 -- Sam Hartman <email address hidden>  Sat, 20 Jan 2018 11:02:57 -0500

Superseded in bionic-proposed
krb5 (1.16-1) unstable; urgency=medium

  * New Upstream Version, Closes: #884490
    - libkdb5 soname is now 9
  * Note that we break moonshot-gss-eap less than 1.0.1.  In particular
    because /etc/gss/mech.d/README is no longer installed,
    moonshot-gss-eap will drop a stray file in /usr/etc.
  * Make krb5-config identical on all architectures and make
    krb5-multidev and libkrb5-dev multiarch installable; solution based on
    discussion with Hugh McMaster, Closes: #881597

 -- Sam Hartman <email address hidden>  Thu, 04 Jan 2018 10:29:06 -0500

Superseded in bionic-proposed
krb5 (1.15.2-2) unstable; urgency=medium

  * Apply upstream patch removing a fixed-size buffer in PKINIT client code,
    Closes: #871698

 -- Benjamin Kaduk <email address hidden>  Sat, 28 Oct 2017 18:09:28 -0500
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
krb5 (1.15.1-2) unstable; urgency=high

  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

 -- Sam Hartman <email address hidden>  Sun, 23 Jul 2017 14:16:38 -0400

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
krb5 (1.15.1-1) unstable; urgency=medium

  * New Upstream Version
      - Samba wants this, Closes: #861651
        * Include krb5-otp tmpfile for freeipa, Closes: #859243
  * Move doxygen to build-indep, Closes: #754139
  * For stage1 builds, skip LDAP, based on patch by Johannes Schauer and
    Peter Pentchev, Closes: #752407
  * Annotate control file for stage1 without ldap, Closes: #752409
  * Remove /etc/gss/mech.d/README, Closes: #861218

 -- Sam Hartman <email address hidden>  Sun, 09 Jul 2017 14:38:55 -0400

Obsolete in zesty-updates
Deleted in zesty-proposed (Reason: moved to -updates)
krb5 (1.15-1ubuntu0.1) zesty; urgency=medium

  * Pulled in Debian fixes from Sam Hartman for:
    - kinit fails for OTP user when using kdc discovery via DNS
      (LP: #1683237)
    - KDC/kadmind explicit wildcard listener addresses do not use pktinfo
      (LP: #1688121)
    - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310)

 -- Andreas Hasenack <email address hidden>  Fri, 05 May 2017 14:05:38 +0000
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
krb5 (1.15-2) experimental; urgency=medium


  * Upstream patches to fix startup if getaddrinfo() returns a wildcard v6
    address, and to fix handling of explicitly specified v4 wildcard
    address; regression over previous versions, Closes: #860767
  * Fix SRV lookups to respect udp_preference_limit, regression over
    previous versions with OTP, Closes: #856307

 -- Sam Hartman <email address hidden>  Wed, 19 Apr 2017 16:50:01 -0400

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
krb5 (1.13.2+dfsg-5ubuntu2) xenial; urgency=medium

  * Fix segfault in context_handle (LP: #1648901).
    - d/p/check_internal_context_on_init_context_errors.patch:
    Cherry picked patch from upstream VCS.

 -- Eric Desrochers <email address hidden>  Mon, 16 Jan 2017 15:06:57 +0100
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
krb5 (1.15-1) unstable; urgency=medium

  [ Benjamin Kaduk ]
  * New upstream version
    - Make zap() more reliable and use it more consistently; the
      previous version could be optimized out by gcc 5.1 or later
    - Update license statement in ccapi/common/win/OldCC/autolock.hxx,
      Closes: #846088
  * Update Debian-HURD-compatibility.patch, Closes: #845381
  * Bump debhelper compat level to 9

  [ Sam Hartman ]
  * Actually build and ship German translations, Closes: #842497

 -- Benjamin Kaduk <email address hidden>  Sun, 04 Dec 2016 15:37:57 -0500

Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates)
krb5 (1.12+dfsg-2ubuntu5.3) trusty; urgency=medium

  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC.  LP: #1643708.

 -- Steve Langasek <email address hidden>  Mon, 21 Nov 2016 18:14:47 -0800
Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
krb5 (1.13.2+dfsg-5ubuntu1) xenial; urgency=medium

  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC.  LP: #1643708.

 -- Steve Langasek <email address hidden>  Mon, 21 Nov 2016 17:28:15 -0800
Obsolete in yakkety-updates
Deleted in yakkety-proposed (Reason: moved to -updates)
krb5 (1.14.3+dfsg-2ubuntu1) yakkety; urgency=medium

  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC.  LP: #1643708.

 -- Steve Langasek <email address hidden>  Mon, 21 Nov 2016 17:01:33 -0800
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
krb5 (1.15~beta1-1) unstable; urgency=low

  [ Benjamin Kaduk ]
  * New upstream version
    - Upstream's tarball is now DFSG-free
    - Builds against openssl 1.1.0, Closes: #828369
    - Add support for the AES-SHA2 enctypes
    - Add support to kadmin for remote extraction of current keys
      and principal attributes to prevent such extraction
    - Add DNS auto-discovery using URI records in addition to SRV records
    - Improve LDAP backend to contain some features previously only
      present in the BDB backend
    - Use the getrandom system call on supported Linux kernels
    - Use SHA256 instead of MD5 for hashing authenticators in the replay cache
  * The symbol gssrpc_svcauth_gss_creds was removed upstream from
    libgssrpc; no soname bump because this is an internal API never in a
    public header

  [ Sam Hartman ]
  * Update standards version to 3.9.8

 -- Benjamin Kaduk <email address hidden>  Wed, 02 Nov 2016 00:12:46 -0400

Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
krb5 (1.14.3+dfsg-2) UNRELEASED; urgency=medium

  * Fix gcc -O3, thanks Ben Kaduk/Steve Langasek, Closes: #833798
  * Fix kdb5_util create on 32-bit platforms, thanks Greg Hudson, Closes:
    #834035

 -- Sam Hartman <email address hidden>  Mon, 05 Sep 2016 21:03:14 -0400
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
krb5 (1.14.3+dfsg-1ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Fix uninitialized variable warning on ppc64el.

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
krb5 (1.14.2+dfsg-1ubuntu1) yakkety; urgency=medium

  * Fix uninitialized variable warning on ppc64el (LP: #1592841).
    Thanks to Sam Hartman for the preliminary patch.

 -- Steve Langasek <email address hidden>  Wed, 16 Jun 2016 08:58:08 +0300
Superseded in yakkety-proposed
krb5 (1.14.2+dfsg-1) unstable; urgency=low

  * New upstream version
    - Includes fix for CVE-2016-3119: remote DOS with ldap for
      authenticated attackers, Closes: #819468
  * Fix short descriptions capitalization, Thanks Laura Arjona Reina,
    Closes: #821021
  * New German translation, Thanks Chris Leick, Closes: #816548


 -- Sam Hartman <email address hidden>  Mon, 30 May 2016 13:12:02 -0400
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
krb5 (1.13.2+dfsg-5) unstable; urgency=high

  * Security Update
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)


 -- Sam Hartman <email address hidden>  Tue, 23 Feb 2016 08:54:09 -0500
