Change log for krb5 package in Ubuntu
1 → 75 of 251 results
Published in oracular-proposed
Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: moved to release)
krb5 (1.20.1-6ubuntu2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 07:42:10 +0000
Available diffs
- diff from 1.20.1-6ubuntu1 to 1.20.1-6ubuntu2 (639 bytes)
krb5 (1.20.1-6ubuntu1) noble; urgency=medium * Fix tests with Python 3.12. -- Matthias Klose <email address hidden> Sun, 24 Mar 2024 12:51:41 +0100
Superseded in noble-proposed
krb5 (1.20.1-5.1ubuntu1) noble; urgency=medium * d/control: Change the krb5-kdc dependencies to use t64-suffixed libraries. -- Zixing Liu <email address hidden> Thu, 21 Mar 2024 14:02:29 -0600
Available diffs
- diff from 1.20.1-5.1build3 to 1.20.1-5.1ubuntu1 (505 bytes)
Superseded in noble-proposed
krb5 (1.20.1-5.1build3) noble; urgency=medium * No-change rebuild against libcom-err2 -- Steve Langasek <email address hidden> Tue, 12 Mar 2024 20:33:15 +0000
krb5 (1.20.1-6) unstable; urgency=medium * Fix up libverto1*->libverto1*t64, Closes: #1065702 -- Sam Hartman <email address hidden> Sun, 10 Mar 2024 19:36:33 -0600
Superseded in noble-proposed
krb5 (1.20.1-5.1build2) noble; urgency=medium * No-change rebuild for soname changes in dependencies. * Disable tests for a first build. -- Matthias Klose <email address hidden> Mon, 04 Mar 2024 12:31:39 +0100
Available diffs
- diff from 1.20.1-5.1 (in Debian) to 1.20.1-5.1build2 (462 bytes)
- diff from 1.20.1-5.1build1 to 1.20.1-5.1build2 (443 bytes)
Superseded in noble-proposed
krb5 (1.20.1-5.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1064164 -- Lukas Märdian <email address hidden> Wed, 28 Feb 2024 15:25:37 +0000
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
krb5 (1.20.1-5build1) noble; urgency=medium * Rebuild against 'armhf -fstack-clash-protection breakage rebuild with fixed dpkg'. -- Gianfranco Costamagna <email address hidden> Fri, 24 Nov 2023 07:50:57 +0100
Available diffs
- diff from 1.20.1-3ubuntu1 to 1.20.1-5build1 (9.5 KiB)
- diff from 1.20.1-5 (in Debian) to 1.20.1-5build1 (346 bytes)
krb5 (1.20.1-1ubuntu0.1) lunar-security; urgency=medium * SECURITY UPDATE: freeing of uninitialized memory - debian/patches/CVE-2023-36054.patch: ensure array count consistency in kadm5 RPC. - CVE-2023-36054 -- Camila Camargo de Matos <email address hidden> Tue, 24 Oct 2023 14:00:59 -0300
krb5 (1.19.2-2ubuntu0.3) jammy-security; urgency=medium * SECURITY UPDATE: freeing of uninitialized memory - debian/patches/CVE-2023-36054.patch: ensure array count consistency in kadm5 RPC. - CVE-2023-36054 -- Camila Camargo de Matos <email address hidden> Tue, 24 Oct 2023 13:59:06 -0300
krb5 (1.17-6ubuntu4.4) focal-security; urgency=medium * SECURITY UPDATE: freeing of uninitialized memory - debian/patches/CVE-2023-36054.patch: ensure array count consistency in kadm5 RPC. - CVE-2023-36054 -- Camila Camargo de Matos <email address hidden> Tue, 24 Oct 2023 13:53:43 -0300
krb5 (1.20.1-5) unstable; urgency=medium [ Helmut Grohne ] * Annotate test dependencies <!nocheck>. (Closes: #1054461) [ Sam Hartman ] * Fix keyutils to be linux-any -- Helmut Grohne <email address hidden> Tue, 24 Oct 2023 07:17:27 +0200
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
krb5 (1.20.1-3ubuntu1) mantic; urgency=medium * Make krb5int_strl(cat|copy) optional symbols, since they are not needed when built against glibc 2.38. Closes: #1043184. * Declare Breaks: against older packages using these symbols. * Make dependencies on libkrb5support0 strict to avoid future symbol skew. -- Steve Langasek <email address hidden> Thu, 24 Aug 2023 18:07:33 +0000
krb5 (1.20.1-3) unstable; urgency=high * Fixes CVE-2023-36054: a remote authenticated attacker can cause kadmind to free an uninitialized pointer. Upstream believes remote code execution is unlikely, Closes: #1043431 -- Sam Hartman <email address hidden> Mon, 14 Aug 2023 14:06:53 -0600
Available diffs
- diff from 1.20.1-2 to 1.20.1-3 (1.4 KiB)
krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means that the entire upgrade from bullseye to bookworm needs to be lockstep, but it appears that's what is required, Closes: #1036055 -- Sam Hartman <email address hidden> Mon, 15 May 2023 17:44:41 -0600
Available diffs
- diff from 1.20.1-1build1 (in Ubuntu) to 1.20.1-2 (948 bytes)
krb5 (1.19.2-2ubuntu0.2) jammy; urgency=medium * d/kdc.conf: Do not specify master key type to avoid weak crypto for new realms. Existing realms will not be changed. (LP: #1981697) -- Andreas Hasenack <email address hidden> Thu, 06 Apr 2023 19:21:06 -0300
krb5 (1.16-2ubuntu0.4) bionic-security; urgency=medium * SECURITY UPDATE: Null pointer dereference issue - debian/patches/CVE-2021-36222.patch: Fix KDC null deref on bad encrypted challenge - debian/patches/CVE-2021-37750.patch: Fix KDC null deref on TGS inner body null server - CVE-2021-36222 - CVE-2021-37750 -- Nishit Majithia <email address hidden> Wed, 15 Mar 2023 19:38:38 +0530
krb5 (1.17-6ubuntu4.3) focal-security; urgency=medium * SECURITY UPDATE: Null pointer dereference issue - debian/patches/CVE-2021-36222.patch: Fix KDC null deref on bad encrypted challenge - debian/patches/CVE-2021-37750.patch: Fix KDC null deref on TGS inner body null server - CVE-2021-36222 - CVE-2021-37750 -- Nishit Majithia <email address hidden> Wed, 15 Mar 2023 19:47:40 +0530
krb5 (1.16-2ubuntu0.3) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-42898.patch: add buffer length checks in krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for invalid buffers in src/lib/krb5/krb/t_pac.c. - CVE-2022-42898 * SECURITY UPDATE: DoS (crash) the KDC by making an S4U2Self request - debian/patches/CVE-2018-20217-1.patch: Ignore password attributes for S4U2Self requests. - debian/patches/CVE-2018-20217-2.patch: remove incorrect KDC assertion. - CVE-2018-20217 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 20 Jan 2023 07:37:35 -0300
krb5 (1.17-6ubuntu4.2) focal-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-42898.patch: add buffer length checks in krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for invalid buffers in src/lib/krb5/krb/t_pac.c. - CVE-2022-42898 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 20 Jan 2023 08:14:35 -0300
krb5 (1.19.2-2ubuntu0.1) jammy-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-42898.patch: add buffer length checks in krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for invalid buffers in src/lib/krb5/krb/t_pac.c. - CVE-2022-42898 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 20 Jan 2023 08:34:37 -0300
krb5 (1.20-1ubuntu0.1) kinetic-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-42898.patch: add buffer length checks in krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for invalid buffers in src/lib/krb5/krb/t_pac.c. - CVE-2022-42898 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 20 Jan 2023 09:03:36 -0300
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
krb5 (1.20.1-1build1) lunar; urgency=medium * No-change rebuild against libldap-2 -- Steve Langasek <email address hidden> Thu, 15 Dec 2022 19:49:24 +0000
Available diffs
- diff from 1.20.1-1 (in Debian) to 1.20.1-1build1 (613 bytes)
krb5 (1.20.1-1) unstable; urgency=high [ Bastian Germann ] * Sync debian/copyright with NOTICE from upstream [ Debian Janitor ] * Trim trailing whitespace. * Strip unusual field spacing from debian/control. * Use secure URI in Homepage field. * Merge upstream signing key files. * Update renamed lintian tag names in lintian overrides. * Update standards version to 4.6.1, no changes needed. * Remove field Section on binary package krb5-gss-samples that duplicates source. * Fix field name cases in debian/control (VCS-Browser => Vcs-Browser, VCS-Git => Vcs-Git). [ Sam Hartman ] * New upstream release - Integer overflows in PAC parsing; potentially critical for 32-bit KDCs or when cross-realm acts maliciously; DOS in other conditions; CVE-2022-42898, Closes: #1024267 * Tighten version dependencies around crypto library, Closes: 1020424 * krb5-user recommends rather than Depends on krb5-config. This avoids a hard dependency on bind9-host, but also supports cases where krb5-config is externally managed, Closes: #1005821 -- Sam Hartman <email address hidden> Thu, 17 Nov 2022 10:34:28 -0700
Available diffs
- diff from 1.20-1 to 1.20.1-1 (255.2 KiB)
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
krb5 (1.20-1) unstable; urgency=medium * New Upstream Version * Do not specify master key type to avoid weak crypto, Closes: #1009927 -- Sam Hartman <email address hidden> Fri, 22 Jul 2022 16:32:38 -0600
Available diffs
- diff from 1.19.2-2 to 1.20-1 (732.5 KiB)
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
krb5 (1.19.2-2) unstable; urgency=medium * Standards version 4.6.0; no change * kpropd: run after network.target, Closes: #948820 * krb5-kdc: Remove /var from PidFile, Closes: #982009 -- Sam Hartman <email address hidden> Mon, 21 Feb 2022 13:05:20 -0700
Available diffs
- diff from 1.19.2-1 to 1.19.2-2 (1.1 KiB)
krb5 (1.19.2-1) experimental; urgency=medium * New Upstream version * Include patch to work with OpenSSL 3.0, Closes: #995152 * Depend on tex-gyre, Closes: #997407 -- Sam Hartman <email address hidden> Wed, 27 Oct 2021 14:04:42 -0600
krb5 (1.19.2-0ubuntu1) jammy; urgency=medium [ Sam Hartman ] * New Upstream version * Depend on tex-gyre, Closes: #997407 [Simon Chopin] * d/p/0012-Fix-softpkcs11-build-issues-with-openssl-3.0.patch: Cherry-picked from upstream master to fix OpenSSL3 build. Closes: #995152, LP: #1945795 -- Simon Chopin <email address hidden> Tue, 30 Nov 2021 10:54:17 +0100
krb5 (1.18.3-7) unstable; urgency=medium * Fix KDC null dereference crash on FAST request with no server field, CVE-2021-37750, Closes: #992607 * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140 * Add javascript libraries for docs, thanks Andreas Beckmann, Closes: #988743 * Drop build-dependency on libncurses5-dev which hasn't been needed since krb5-appl was removed, Closes: #981161 -- Sam Hartman <email address hidden> Fri, 27 Aug 2021 08:13:47 -0600
Available diffs
- diff from 1.18.3-6 to 1.18.3-7 (2.5 KiB)
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
krb5 (1.18.3-6) unstable; urgency=high * Pull in upstream patch to fix CVE-2021-36222 (KDC NULL dereference), Closes: #991365 -- Benjamin Kaduk <email address hidden> Wed, 21 Jul 2021 11:07:07 -0700
krb5 (1.18.3-5build1) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 17:49:26 -0400
Available diffs
- diff from 1.18.3-5 (in Debian) to 1.18.3-5build1 (359 bytes)
krb5 (1.18.3-5) unstable; urgency=medium * Update breaks on libk5crypto3 toward other internal libraries because of removed internal symbols, Closes: #985739 -- Sam Hartman <email address hidden> Sun, 28 Mar 2021 13:43:01 -0400
Available diffs
- diff from 1.18.3-4 to 1.18.3-5 (494 bytes)
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
krb5 (1.18.3-4) unstable; urgency=medium * Sigh, either use <= with the old version in the libapache-mod-auth-kerb constraint or << with the new version. <= with the new version is no good. (used <= with the old version) -- Sam Hartman <email address hidden> Mon, 23 Nov 2020 11:53:02 -0500
Available diffs
- diff from 1.17-10ubuntu1 (in Ubuntu) to 1.18.3-4 (1014.7 KiB)
krb5 (1.17-10ubuntu1) hirsute; urgency=medium * SECURITY UPDATE: Unbounded recursion - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1 indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c. - CVE-2020-28196 -- <email address hidden> (Leonidas S. Barbosa) Wed, 11 Nov 2020 11:22:12 -0300
krb5 (1.17-10ubuntu0.1) groovy-security; urgency=medium * SECURITY UPDATE: Unbounded recursion - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1 indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c. - CVE-2020-28196 -- <email address hidden> (Leonidas S. Barbosa) Wed, 11 Nov 2020 11:22:52 -0300
krb5 (1.16-2ubuntu0.2) bionic-security; urgency=medium * SECURITY UPDATE: Unbounded recursion - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1 indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c. - CVE-2020-28196 -- <email address hidden> (Leonidas S. Barbosa) Wed, 11 Nov 2020 11:23:49 -0300
krb5 (1.13.2+dfsg-5ubuntu2.2) xenial-security; urgency=medium * SECURITY UPDATE: Unbounded recursion - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1 indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c. - CVE-2020-28196 -- <email address hidden> (Leonidas S. Barbosa) Wed, 11 Nov 2020 11:24:12 -0300
krb5 (1.17-6ubuntu4.1) focal-security; urgency=medium * SECURITY UPDATE: Unbounded recursion - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1 indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c. - CVE-2020-28196 -- <email address hidden> (Leonidas S. Barbosa) Wed, 11 Nov 2020 11:23:12 -0300
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
krb5 (1.17-10) unstable; urgency=low * Also set localstatedir to be consistent with old builds, Closes: #962522 * Include journalctl dump from krb5kdc tests so we can figure out why ppc tests are breaking. -- Sam Hartman <email address hidden> Tue, 09 Jun 2020 09:52:34 -0400
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
krb5 (1.17-6ubuntu4) focal; urgency=medium * No-change rebuild with fixed binutils on arm64. -- Matthias Klose <email address hidden> Sat, 08 Feb 2020 11:05:44 +0000
Available diffs
- diff from 1.17-6ubuntu3 to 1.17-6ubuntu4 (335 bytes)
krb5 (1.17-6ubuntu3) focal; urgency=medium * d/p/1000-doc-tools-py3.patch, d/rules, d/control: use python3 for doc building (LP: #1858496) -- Andreas Hasenack <email address hidden> Thu, 09 Jan 2020 11:11:49 -0300
Superseded in focal-proposed
krb5 (1.17-6ubuntu2) focal; urgency=medium * Build-depend on python2. -- Dimitri John Ledkov <email address hidden> Thu, 09 Jan 2020 03:08:25 +0000
Available diffs
- diff from 1.17-6ubuntu1 to 1.17-6ubuntu2 (805 bytes)
Superseded in focal-proposed
krb5 (1.17-6ubuntu1) focal; urgency=medium * d/control: add "Multi-Arch: foreign" to allow krb5-doc to be used as a dependency of architecture-dependent packages. In particular, this lets krb5-doc:i386 be installed on an amd64 host. See https://lists.ubuntu.com/archives/ubuntu-devel/2019-December/040859.html for details. -- Andreas Hasenack <email address hidden> Mon, 06 Jan 2020 16:24:39 -0300
Available diffs
- diff from 1.17-6 (in Debian) to 1.17-6ubuntu1 (854 bytes)
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
krb5 (1.17-6) unstable; urgency=medium * Stop depending on texlive-generic-extra, which is no longer built, Closes: #933286 -- Sam Hartman <email address hidden> Thu, 01 Aug 2019 14:15:13 -0400
Available diffs
- diff from 1.17-5 to 1.17-6 (621 bytes)
krb5 (1.17-5) unstable; urgency=high * Upstream patch to filter invalid enctypes when nfs calls to indicate which enctypes it supports, Closes: #932000 * Do not error out if a keytab includes a single-des enctype, Closes: #932132 -- Sam Hartman <email address hidden> Wed, 17 Jul 2019 09:20:27 -0400
Available diffs
- diff from 1.17-4 to 1.17-5 (2.3 KiB)
krb5 (1.17-4) unstable; urgency=low * Remove single DES support entirely; it has been deprecated for a number of years and is going away in 1.18. We want to find out now any debian problems. * Migrate from git-dpm to git-debrebase; it truly is better. Thanks Ian. * Add a krb5-user.news for single DES going away * Remove the old news file across all packages -- Sam Hartman <email address hidden> Mon, 08 Jul 2019 22:04:39 -0400
Available diffs
- diff from 1.17-3 to 1.17-4 (61.3 KiB)
krb5 (1.17-3) unstable; urgency=medium * Fix memory leak in replay cache type none * Merge in two upstream documentation changes -- Sam Hartman <email address hidden> Tue, 18 Jun 2019 08:00:29 -0400
Available diffs
- diff from 1.17-2 to 1.17-3 (2.6 KiB)
krb5 (1.17-2) unstable; urgency=medium * Finish removing the run kadmind debconf template which was obsoleted when the systemd units were installed, LP: #1817376 -- Sam Hartman <email address hidden> Mon, 25 Feb 2019 13:55:57 -0500
Available diffs
- diff from 1.17-1 to 1.17-2 (1019 bytes)
krb5 (1.16-2ubuntu1.1) cosmic-security; urgency=medium * SECURITY UPDATE: Authenticated kadmin with permission to add principals to an LDAP Kerberos can DoS or bypass DN container check. - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN checking - CVE-2018-5729 - CVE-2018-5730 -- Eduardo Barretto <email address hidden> Fri, 11 Jan 2019 13:49:38 -0200
krb5 (1.16-2ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: Authenticated kadmin with permission to add principals to an LDAP Kerberos can DoS or bypass DN container check. - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN checking - CVE-2018-5729 - CVE-2018-5730 -- Eduardo Barretto <email address hidden> Fri, 11 Jan 2019 13:48:01 -0200
krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to modify a principal - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on empty arg - CVE-2016-3119 * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon is restricted - CVE-2016-3120 * SECURITY UPDATE: KDC assertion failure - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status assertion failures - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment - CVE-2017-11368 * SECURITY UPDATE: Double free vulnerability - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept failure - CVE-2017-11462 * SECURITY UPDATE: Authenticated kadmin with permission to add principals to an LDAP Kerberos can DoS or bypass DN container check. - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN checking - CVE-2018-5729 - CVE-2018-5730 -- Eduardo Barretto <email address hidden> Fri, 11 Jan 2019 13:46:00 -0200
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
krb5 (1.17-1) unstable; urgency=low * New Upstream release * Don't include all memory ccaches in ccache collection, avoids invalid mutex, Closes: #918088 * The default path for the KDC database even without a config file is /var/lib/krb5kdc/principal, Closes: #777579 -- Sam Hartman <email address hidden> Sun, 13 Jan 2019 15:59:40 -0500
Available diffs
- diff from 1.16.2-1 to 1.17-1 (1.2 MiB)
krb5 (1.12+dfsg-2ubuntu5.4) trusty-security; urgency=medium * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings - CVE-2015-8629 * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY with a NULL policy name - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name - CVE-2015-8630 * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL principal name - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs - CVE-2015-8631 * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to modify a principal - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on empty arg - CVE-2016-3119 * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon is restricted - CVE-2016-3120 * SECURITY UPDATE: KDC assertion failure - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status assertion failures - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment - CVE-2017-11368 * SECURITY UPDATE: Double free vulnerability - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept failure - CVE-2017-11462 * SECURITY UPDATE: Authenticated kadmin with permission to add principals to an LDAP Kerberos can DoS or bypass DN container check. - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN checking - CVE-2018-5729 - CVE-2018-5730 -- Eduardo Barretto <email address hidden> Wed, 09 Jan 2019 14:01:22 -0200
krb5 (1.16.2-1) unstable; urgency=medium [ Ondřej Nový ] * d/changelog: Remove trailing whitespaces * d/control: Remove trailing whitespaces * d/rules: Remove trailing whitespaces [ Sam Hartman ] * New Upstream version, Closes: #915780 * CVE-2018-20217: Incorrect KDC assertion leading to denial of service, Closes: #917387 * Fix typo in tests -- Sam Hartman <email address hidden> Mon, 31 Dec 2018 15:25:16 -0500
krb5 (1.16.1-1ubuntu1) disco; urgency=medium * Merge with Debian unstable. * Dropped: - Add DEP8 tests (LP #1677881): + d/t/util: common functions used in the tests + d/t/control, d/t/kinit: simple kinit test + d/t/control, d/t/slapd-gssapi: DEP8 test for service principals [Adopted in 1.16.1-1] * Added: - d/t/util: fix typo
Available diffs
- diff from 1.16-2ubuntu1 to 1.16.1-1ubuntu1 (243.1 KiB)
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
krb5 (1.16-2ubuntu1) cosmic; urgency=medium * Add DEP8 tests (LP: #1677881): - d/t/util: common functions used in the tests - d/t/control, d/t/kinit: simple kinit test - d/t/control, d/t/slapd-gssapi: DEP8 test for service principals -- Andreas Hasenack <email address hidden> Fri, 06 Jul 2018 15:39:44 -0300
Available diffs
- diff from 1.16-2build1 to 1.16-2ubuntu1 (1.9 KiB)
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
krb5 (1.16-2build1) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:50:17 +0000
Available diffs
- diff from 1.16-2 (in Debian) to 1.16-2build1 (634 bytes)
krb5 (1.16-2) unstable; urgency=medium * Update location of packaging GIT repository * krb5-config was incorrectly changed to include the multiarch triple in include paths. However, our include files are not architecture specific; fix krb5-config to not include a multiarch triple in include paths, Closes: #887810 -- Sam Hartman <email address hidden> Sat, 20 Jan 2018 11:02:57 -0500
Available diffs
- diff from 1.15.1-2 to 1.16-2 (729.7 KiB)
- diff from 1.16-1 to 1.16-2 (2.1 KiB)
krb5 (1.16-1) unstable; urgency=medium * New Upstream Version, Closes: #884490 - libkdb5 soname is now 9 * Note that we break moonshot-gss-eap less than 1.0.1. In particular because /etc/gss/mech.d/README is no longer installed, moonshot-gss-eap will drop a stray file in /usr/etc. * make krb5-config identical on all architectures and make krb5-multidev and libkrb5-dev multiarch installable; solution based on discussion with Hugh McMaster, Closes: #881597 -- Sam Hartman <email address hidden> Thu, 04 Jan 2018 10:29:06 -0500
Available diffs
- diff from 1.15.2-2 to 1.16-1 (723.2 KiB)
krb5 (1.15.2-2) unstable; urgency=medium * Apply upstream patch removing a fixed-size buffer in PKINIT client code, Closes: #871698 -- Benjamin Kaduk <email address hidden> Sat, 28 Oct 2017 18:09:28 -0500
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
krb5 (1.15.1-2) unstable; urgency=high * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki Yamane, Closes: #868035 * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121 * CVE-2017-11368: Remote authenticated attackers can crash the KDC, Closes: #869260 * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to minimize the impact of future DOS bugs. -- Sam Hartman <email address hidden> Sun, 23 Jul 2017 14:16:38 -0400
Available diffs
- diff from 1.15.1-1 to 1.15.1-2 (2.8 KiB)
krb5 (1.15.1-1) unstable; urgency=medium * New Upstream Version - Samba wants this, Closes: #861651 * Include krb5-otp tmpfile for freeipa, Closes: #859243 * Move doxygen to build-indep, Closes: #754139 * For stage1 builds, skip LDAP, based on patch by Johannes Schauer and Peter Pentchev, Closes: #752407 * Annotate control file for stage1 without ldap, Closes: #752409 * Remove /etc/gss/mech.d/README, Closes: #861218 -- Sam Hartman <email address hidden> Sun, 09 Jul 2017 14:38:55 -0400
Available diffs
- diff from 1.15-2 to 1.15.1-1 (256.7 KiB)
krb5 (1.15-1ubuntu0.1) zesty; urgency=medium * Pulled in Debian fixes from Sam Hartman for: - kinit fails for OTP user when using kdc discovery via DNS (LP: #1683237) - KDC/kadmind explicit wildcard listener addresses do not use pktinfo (LP: #1688121) - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310) -- Andreas Hasenack <email address hidden> Fri, 05 May 2017 14:05:38 +0000
krb5 (1.15-2) experimental; urgency=medium * Upstream patches to fix startup if getaddrinfo() returns a wildcard v6 address, and to fix handling of explicitly specified v4 wildcard address; regression over previous versions, Closes: #860767 * Fix SRV lookups to respect udp_preference_limit, regression over previous versions with OTP, Closes: #856307 -- Sam Hartman <email address hidden> Wed, 19 Apr 2017 16:50:01 -0400
Available diffs
- diff from 1.15-1 to 1.15-2 (6.0 KiB)
krb5 (1.13.2+dfsg-5ubuntu2) xenial; urgency=medium * Fix segfault in context_handle (LP: #1648901). - d/p/check_internal_context_on_init_context_errors.patch: Cherry picked patch from upstream VCS. -- Eric Desrochers <email address hidden> Mon, 16 Jan 2017 15:06:57 +0100
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
krb5 (1.15-1) unstable; urgency=medium [ Benjamin Kaduk ] * New upstream version - Make zap() more reliable and use it more consistently; the previous version could be optimized out by gcc 5.1 or later - Update license statement in ccapi/common/win/OldCC/autolock.hxx, Closes: #846088 * Update Debian-HURD-compatibility.patch, Closes: #845381 * Bump debhelper compat level to 9 [ Sam Hartman ] * Actually build and ship German translations, Closes: #842497 -- Benjamin Kaduk <email address hidden> Sun, 04 Dec 2016 15:37:57 -0500
Available diffs
- diff from 1.15~beta1-1 to 1.15-1 (239.3 KiB)
krb5 (1.12+dfsg-2ubuntu5.3) trusty; urgency=medium * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch: Cherry-pick from upstream to add SPNEGO special case for NTLMSSP+MechListMIC. LP: #1643708. -- Steve Langasek <email address hidden> Mon, 21 Nov 2016 18:14:47 -0800
krb5 (1.13.2+dfsg-5ubuntu1) xenial; urgency=medium * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch: Cherry-pick from upstream to add SPNEGO special case for NTLMSSP+MechListMIC. LP: #1643708. -- Steve Langasek <email address hidden> Mon, 21 Nov 2016 17:28:15 -0800
krb5 (1.14.3+dfsg-2ubuntu1) yakkety; urgency=medium * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch: Cherry-pick from upstream to add SPNEGO special case for NTLMSSP+MechListMIC. LP: #1643708. -- Steve Langasek <email address hidden> Mon, 21 Nov 2016 17:01:33 -0800
krb5 (1.15~beta1-1) unstable; urgency=low [ Benjamin Kaduk ] * New upstream version - Upstream's tarball is now DFSG-free - Builds against openssl 1.1.0, Closes: #828369 - Add support for the AES-SHA2 enctypes - Add support to kadmin for remote extraction of current keys and principal attributes to prevent such extraction - Add DNS auto-discovery using URI records in addition to SRV records - Improve LDAP backend to contain some features previously only present in the BDB backend - Use the getrandom system call on supported Linux kernels - Use SHA256 instead of MD5 for hashing authenticators in the replay cache * The symbol gssrpc_svcauth_gss_creds was removed upstream from libgssrpc; no soname bump because this is an internal API never in a public header [ Sam Hartman ] * Update standards version to 3.9.8 -- Benjamin Kaduk <email address hidden> Wed, 02 Nov 2016 00:12:46 -0400
Available diffs
- diff from 1.14.3+dfsg-2 to 1.15~beta1-1 (3.4 MiB)
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
krb5 (1.14.3+dfsg-2) UNRELEASED; urgency=medium * Fix gcc -O3, thanks Ben Kaduk/Steve Langasek, Closes: #833798 * Fix kdb5_util create on 32-bit platforms, thanks Greg Hudson, Closes: #834035 -- Sam Hartman <email address hidden> Mon, 05 Sep 2016 21:03:14 -0400
krb5 (1.14.3+dfsg-1ubuntu1) yakkety; urgency=low * Merge from Debian unstable. Remaining changes: - Fix uninitialized variable warning on ppc64el.
krb5 (1.14.2+dfsg-1ubuntu1) yakkety; urgency=medium * Fix uninitialized variable warning on ppc64el (LP: #1592841). Thanks to Sam Hartman for the preliminary patch. -- Steve Langasek <email address hidden> Wed, 16 Jun 2016 08:58:08 +0300
Superseded in yakkety-proposed
krb5 (1.14.2+dfsg-1) unstable; urgency=low * New upstream version - Includes fix for CVE-2016-3119: remote DOS with ldap for authenticated attackers, Closes: #819468 * Fix short descriptions capitalization, Thanks Laura Arjona Reina, Closes: #821021 * New German translation, Thanks Chris Leick, Closes: #816548 -- Sam Hartman <email address hidden> Mon, 30 May 2016 13:12:02 -0400
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
krb5 (1.13.2+dfsg-5) unstable; urgency=high * Security Update * Verify decoded kadmin C strings [CVE-2015-8629] CVE-2015-8629: An authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. (Closes: #813296) * Check for null kadm5 policy name [CVE-2015-8630] CVE-2015-8630: An authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask. (Closes: #813127) * Fix leaks in kadmin server stubs [CVE-2015-8631] CVE-2015-8631: An authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory. (Closes: #813126) -- Sam Hartman <email address hidden> Tue, 23 Feb 2016 08:54:09 -0500
Available diffs
- diff from 1.13.2+dfsg-4 to 1.13.2+dfsg-5 (4.3 KiB)