Change log for krb5 package in Ubuntu
krb5 (1.12+dfsg-2ubuntu5.2) trusty-security; urgency=medium
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch: properly handle null bytes in src/appl/user_user/server.c, src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch: improve logic in src/plugins/preauth/otp/main.c, src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch: improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h, src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch: improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0034-Fix-two-IAKERB-comments.patch: fix comments in src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch: use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch: dereferencing the context_handle pointer before casting it in and implement an IAKERB gss_import_sec_context() function in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698
 -- Marc Deslauriers <email address hidden> Wed, 11 Nov 2015 09:08:08 -0500
krb5 (1.13.2+dfsg-2ubuntu0.1) wily-security; urgency=medium
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch: improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h, src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch: improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch: use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch: dereferencing the context_handle pointer before casting it in and implement an IAKERB gss_import_sec_context() function in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698
 -- Marc Deslauriers <email address hidden> Wed, 11 Nov 2015 08:36:55 -0500
krb5 (1.12.1+dfsg-18ubuntu0.1) vivid-security; urgency=medium
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/u/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch: improve logic in src/plugins/preauth/otp/main.c, src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch: improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h, src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch: improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0034-Fix-two-IAKERB-comments.patch: fix comments in src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch: use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch: dereferencing the context_handle pointer before casting it in and implement an IAKERB gss_import_sec_context() function in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698
 -- Marc Deslauriers <email address hidden> Wed, 11 Nov 2015 08:52:46 -0500
krb5 (1.10+dfsg~beta1-2ubuntu0.7) precise-security; urgency=medium
  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch: properly handle null bytes in src/appl/user_user/server.c, src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch: improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h, src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch: improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch: use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch: dereferencing the context_handle pointer before casting it in and implement an IAKERB gss_import_sec_context() function in src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698
 -- Marc Deslauriers <email address hidden> Wed, 11 Nov 2015 09:16:52 -0500
krb5 (1.13.2+dfsg-4) unstable; urgency=high
  * Import upstream patches fixing regressions in the previous upload:
    - CVE-2015-2698: the patch for CVE-2015-2696 caused memory corruption for applications calling gss_export_sec_context() on contexts established using the IAKERB mechanism.
    - Supply gss_import_sec_context implementations for SPNEGO and IAKERB, which were not implemented due to the erroneous belief that the exported context tokens would be tagged with the underlying context's mechanism.
 -- Benjamin Kaduk <email address hidden> Wed, 04 Nov 2015 22:47:22 -0500
Available diffs
- diff from 1.13.2+dfsg-3 to 1.13.2+dfsg-4 (3.3 KiB)
krb5 (1.13.2+dfsg-3) unstable; urgency=high
  * Import upstream patches for three CVEs:
    - CVE-2015-2695: SPNEGO context aliasing during establishment
    - CVE-2015-2696: IAKERB context aliasing during establishment
    - CVE-2015-2697: unsafe string handling in TGS processing
 -- Benjamin Kaduk <email address hidden> Mon, 26 Oct 2015 14:03:52 -0400
Available diffs
- diff from 1.13.2+dfsg-2 to 1.13.2+dfsg-3 (9.2 KiB)
Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
krb5 (1.13.2+dfsg-2) unstable; urgency=medium * No-change rebuild to target unstable -- Benjamin Kaduk <email address hidden> Thu, 25 Jun 2015 17:10:03 -0400
krb5 (1.12.1+dfsg-20) unstable; urgency=high
  * Import upstream patch for CVE-2015-2694, Closes: #783557
  * Bump Standards-Version to 3.9.6 (no changes needed)
 -- Benjamin Kaduk <email address hidden> Wed, 13 May 2015 14:40:36 -0400
krb5 (1.12.1+dfsg-19) unstable; urgency=medium * mark systemd unit directories as optional, Closes: #780831 -- Sam Hartman <email address hidden> Fri, 20 Mar 2015 16:22:33 -0400
Available diffs
- diff from 1.12.1+dfsg-18 to 1.12.1+dfsg-19 (694 bytes)
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-18) unstable; urgency=high * Import upstream patch for CVE-2014-5355, Closes: #778647 -- Benjamin Kaduk <email address hidden> Wed, 18 Feb 2015 12:52:14 -0500
krb5 (1.12.1+dfsg-10ubuntu0.1) utopic-security; urgency=medium
  * SECURITY UPDATE: use-after-free and double-free memory access violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion in src/lib/gssapi/krb5/context_time.c, src/lib/gssapi/krb5/export_sec_context.c, src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/inq_context.c, src/lib/gssapi/krb5/k5seal.c, src/lib/gssapi/krb5/k5sealiov.c, src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c, src/lib/gssapi/krb5/lucid_context.c, src/lib/gssapi/krb5/prf.c, src/lib/gssapi/krb5/process_context_token.c, src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in src/lib/gssapi/mechglue/mglueP.h, src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 15:15:07 -0500
krb5 (1.8.1+dfsg-2ubuntu0.14) lucid-security; urgency=medium
  * SECURITY UPDATE: ticket forging via old keys
    - src/lib/kadm5/srv/svr_principal.c: return only new keys
    - af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access violations
    - properly handle context deletion in src/lib/gssapi/krb5/context_time.c, src/lib/gssapi/krb5/export_sec_context.c, src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/inq_context.c, src/lib/gssapi/krb5/k5seal.c, src/lib/gssapi/krb5/k5sealiov.c, src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c, src/lib/gssapi/krb5/lucid_context.c, src/lib/gssapi/krb5/prf.c, src/lib/gssapi/krb5/process_context_token.c, src/lib/gssapi/krb5/wrap_size_limit.c.
    - 82dc33da50338ac84c7b4102dc6513d897d0506a
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c: properly handle policy name.
    - d1f707024f1d0af6e54a18885322d70fa15ec4d3
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless principal
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: support keyless principals.
    - 877ad027ca2103f3ac2f581451fdd347a76b8981
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR data processing
    - fix double free in src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - a197e92349a4aa2141b5dff12e9dd44c2a2166e3
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server principals
    - src/kadmin/server/kadm_rpc_svc.c: fix kadmind server validation.
    - 6609658db0799053fbef0d7d0aa2f1fd68ef32d8
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - src/lib/rpc/svc_auth_gss.c: fix leakage.
    - 5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 15:51:07 -0500
krb5 (1.12+dfsg-2ubuntu5.1) trusty-security; urgency=medium
  * SECURITY UPDATE: ticket forging via old keys
    - debian/patches/CVE-2014-5321.patch: return only new keys in src/lib/kadm5/srv/svr_principal.c.
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion in src/lib/gssapi/krb5/context_time.c, src/lib/gssapi/krb5/export_sec_context.c, src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/inq_context.c, src/lib/gssapi/krb5/k5seal.c, src/lib/gssapi/krb5/k5sealiov.c, src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c, src/lib/gssapi/krb5/lucid_context.c, src/lib/gssapi/krb5/prf.c, src/lib/gssapi/krb5/process_context_token.c, src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in src/lib/gssapi/mechglue/mglueP.h, src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 15:26:22 -0500
krb5 (1.10+dfsg~beta1-2ubuntu0.6) precise-security; urgency=medium
  * SECURITY UPDATE: ticket forging via old keys
    - debian/patches/CVE-2014-5321.patch: return only new keys in src/lib/kadm5/srv/svr_principal.c.
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion in src/lib/gssapi/krb5/context_time.c, src/lib/gssapi/krb5/export_sec_context.c, src/lib/gssapi/krb5/gssapiP_krb5.h, src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/inq_context.c, src/lib/gssapi/krb5/k5seal.c, src/lib/gssapi/krb5/k5sealiov.c, src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c, src/lib/gssapi/krb5/lucid_context.c, src/lib/gssapi/krb5/prf.c, src/lib/gssapi/krb5/process_context_token.c, src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 15:37:18 -0500
krb5 (1.12.1+dfsg-17) unstable; urgency=high
  * MITKRB5-SA-2015-001
    - CVE-2014-5352: gss_process_context_token() incorrectly frees context
    - CVE-2014-9421: kadmind doubly frees partial deserialization results
    - CVE-2014-9422: kadmind incorrectly validates server principal name
    - CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
 -- Sam Hartman <email address hidden> Tue, 03 Feb 2015 10:29:35 -0500
krb5 (1.12.1+dfsg-16) unstable; urgency=medium * Import upstream patches for CVE-2014-5353 and CVE-2014-5354, Closes: #773226, Closes: #773228 -- Benjamin Kaduk <email address hidden> Mon, 15 Dec 2014 16:18:26 -0500
krb5 (1.12.1+dfsg-15) unstable; urgency=medium * Also apply slapd-before-kdc.conf to krb5-admin-server.service.d, Closes: #769710 -- Benjamin Kaduk <email address hidden> Fri, 21 Nov 2014 12:36:08 -0500
Available diffs
- diff from 1.12.1+dfsg-14 to 1.12.1+dfsg-15 (507 bytes)
krb5 (1.12.1+dfsg-14) unstable; urgency=medium * The upstream patch in 1.12.1+dfsg-13 was incomplete; pull in another upstream patch upon which it depended, to fix the kfreebsd build, Closes: #768379 -- Benjamin Kaduk <email address hidden> Fri, 07 Nov 2014 13:17:36 -0500
krb5 (1.12.1+dfsg-13) unstable; urgency=medium
  * Remove the ExecReload line added in 1.12.1+dfsg-12; it is not a regression from the SysV init script and therefore not suitable for jessie post-freeze
  * Apply upstream patch to fix build on FreeBSD 10.1, Closes: #768379
 -- Benjamin Kaduk <email address hidden> Thu, 06 Nov 2014 18:08:26 -0500
krb5 (1.12.1+dfsg-11) unstable; urgency=medium
  * Provide systemd service units for krb5-kdc, Partially affects: #734161
  * Provide systemd overrides to start slapd first when krb5-kdc-ldap is installed, Thanks Michael Biebl, Closes: #758992
  * Provide kadmind service unit, Closes: #734161
  * Drop support for RUN_KADMIND in favor of update-rc.d disable
  * In krb5_newrealm, use service rather than calling init scripts directly
 -- Sam Hartman <email address hidden> Mon, 20 Oct 2014 16:51:09 -0400
Available diffs
- diff from 1.12.1+dfsg-10 to 1.12.1+dfsg-11 (16.5 KiB)
krb5 (1.12+dfsg-2ubuntu5) trusty; urgency=low
  * Use ADD_METHOD_NOLOOP rather than ADD_METHOD for new GSS-API entry points, avoids infinite recursive loop when a mechanism doesn't provide an entry point and does include calls back into the mechglue (LP: #1326500)
  * Make libkadm5srv-mit8 be arch: any multi-arch: same to work around upgrade bug (LP: #1334052)
  * Use tailq macros to work around GCC 4.8 optimizer bug and prevent infinite loop for database propagation (LP: #1347147)
 -- Sam Hartman <email address hidden> Wed, 30 Jul 2014 21:06:49 -0400
Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-10) unstable; urgency=medium * Import upstream's patch for CVE-2014-5351, Closes: #762479 -- Benjamin Kaduk <email address hidden> Mon, 22 Sep 2014 14:53:33 -0400
krb5 (1.12.1+dfsg-7) unstable; urgency=high * Apply upstream's patch for CVE-2014-4345 (MITKRB5-SA-2014-001), buffer overrun in kadmind with LDAP backend, Closes: #757416 -- Benjamin Kaduk <email address hidden> Thu, 07 Aug 2014 18:33:37 -0400
Available diffs
- diff from 1.12.1+dfsg-6 to 1.12.1+dfsg-7 (2.0 KiB)
krb5 (1.12+dfsg-2ubuntu4.2) trusty-security; urgency=medium
  * SECURITY UPDATE: denial of service via invalid tokens
    - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - debian/patches/CVE-2014-4343.patch: fix double-free in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - debian/patches/CVE-2014-4344.patch: validate REMAIN in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in kadmind with LDAP backend
    - debian/patches/CVE-2014-4345.patch: fix off-by-one in src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden> Fri, 08 Aug 2014 14:58:49 -0400
krb5 (1.8.1+dfsg-2ubuntu0.13) lucid-security; urgency=medium
  * SECURITY UPDATE: denial of service via malformed KRB5_PADATA_PK_AS_REQ AS-REQ request
    - src/plugins/preauth/pkinit/pkinit_crypto_openssl.c: don't dereference null pointer.
    - c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
    - CVE-2013-1415
  * SECURITY UPDATE: denial of service via crafted TGS-REQ request
    - src/kdc/do_tgs_req.c: don't pass null pointer to strlcpy().
    - 8ee70ec63931d1e38567905387ab9b1d45734d81
    - CVE-2013-1416
  * SECURITY UPDATE: multi-realm denial of service via crafted request
    - src/kdc/main.c: don't dereference a null pointer.
    - c2ccf4197f697c4ff143b8a786acdd875e70a89d
    - CVE-2013-1418
    - CVE-2013-6800
  * SECURITY UPDATE: denial of service via invalid tokens
    - src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c: handle invalid tokens.
    - fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - src/lib/gssapi/spnego/spnego_mech.c: fix double-free.
    - f18ddf5d82de0ab7591a36e465bc24225776940f
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - src/lib/gssapi/spnego/spnego_mech.c: validate REMAIN.
    - 524688ce87a15fc75f87efc8c039ba4c7d5c197b
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in kadmind with LDAP backend
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: fix off-by-one
    - 81c332e29f10887c6b9deb065f81ba259f4c7e03
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden> Fri, 08 Aug 2014 15:03:17 -0400
krb5 (1.10+dfsg~beta1-2ubuntu0.5) precise-security; urgency=medium
  * SECURITY UPDATE: denial of service via crafted Draft 9 request
    - debian/patches/CVE-2012-1016.patch: don't check for an agility KDF identifier in src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2012-1016
  * SECURITY UPDATE: denial of service via malformed KRB5_PADATA_PK_AS_REQ AS-REQ request
    - debian/patches/CVE-2013-1415.patch: don't dereference null pointer in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c.
    - CVE-2013-1415
  * SECURITY UPDATE: denial of service via crafted TGS-REQ request
    - debian/patches/CVE-2013-1416.patch: don't pass null pointer to strlcpy() in src/kdc/do_tgs_req.c.
    - CVE-2013-1416
  * SECURITY UPDATE: multi-realm denial of service via crafted request
    - debian/patches/CVE-2013-1418.patch: don't dereference a null pointer in src/kdc/main.c.
    - CVE-2013-1418
    - CVE-2013-6800
  * SECURITY UPDATE: denial of service via invalid tokens
    - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - debian/patches/CVE-2014-4343.patch: fix double-free in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - debian/patches/CVE-2014-4344.patch: validate REMAIN in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in kadmind with LDAP backend
    - debian/patches/CVE-2014-4345.patch: fix off-by-one in src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden> Fri, 08 Aug 2014 15:02:11 -0400
krb5 (1.12.1+dfsg-6) unstable; urgency=medium
  [ Benjamin Kaduk ]
  * Apply upstream's patch to switch to TAILQ macros instead of CIRCLEQ macros, to work around an issue with certain gcc versions. This is expected to resolve Ubuntu bug (LP: #1347147).
  [ Sam Hartman ]
  * Include a quick and dirty patch so we build cleanly with -O3 fixing incorrect may be uninitialized warnings.
 -- Benjamin Kaduk <email address hidden> Tue, 29 Jul 2014 17:05:37 -0400
krb5 (1.12.1+dfsg-3ubuntu1) utopic; urgency=low
  * Merge from Debian unstable. Remaining changes:
    - debian/rules: force -O2 to work around build failure with -O3 on ppc64el (see https://pad.lv/ubuntu/+source/krb5/1.12+dfsg-2ubuntu1/+build/5600781)
krb5 (1.12.1+dfsg-1ubuntu1) utopic; urgency=low
  * Merge from Debian unstable. Remaining changes:
    - Add alternate dependency on libverto-libevent1 as that's the package ABI name in ubuntu.
    - debian/rules: force -O2 to work around build failure with -O3.
  * drop transitional libkadm5srv-mit8 package
Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
krb5 (1.12+dfsg-2ubuntu4) trusty; urgency=low * Add transitional libkadm5srv-mit8 package to help libapt calculating the upgrade (LP: #1304403) to trusty. This transitional package can be dropped once trusty is released. -- Michael Vogt <email address hidden> Wed, 09 Apr 2014 11:11:43 +0200
krb5 (1.12+dfsg-2ubuntu3) trusty; urgency=medium * Add missing versioned Replaces: libkadm5srv-mit8 to the libkdb5-7 package. Fixes upgrades from trusty. (LP: #1304403) -- Martin Pitt <email address hidden> Tue, 08 Apr 2014 18:04:14 +0200
krb5 (1.12+dfsg-2ubuntu2) trusty; urgency=medium * debian/rules: force -O2 to work around build failure with -O3. -- Adam Conrad <email address hidden> Mon, 17 Feb 2014 08:50:33 +0000
krb5 (1.12+dfsg-2ubuntu1) trusty; urgency=low
  * Merge from Debian unstable. Remaining changes:
    - Add alternate dependency on libverto-libevent1 as that's the package ABI name in ubuntu.
krb5 (1.11.3+dfsg-3ubuntu2) trusty; urgency=low * Add alternate dependency on libverto-libevent1 as that's the package ABI name in ubuntu. -- Dmitrijs Ledkovs <email address hidden> Sun, 10 Nov 2013 02:20:12 +0000
Superseded in trusty-proposed
krb5 (1.11.3+dfsg-3ubuntu1) trusty; urgency=low * Add build dependency on python-lxml. Closes: #725596.
Superseded in trusty-proposed
krb5 (1.11.3+dfsg-3) unstable; urgency=low
  [ Benjamin Kaduk ]
  * Update config.sub and config.guess, patch from upstream, Closes: #717840
  * Update Brazilian Portuguese Translation, thanks Fernando Ike, Closes: #719726
  * Bump the version of the gssrpc_clnt_create symbol. The routine itself was changed in a backwards-compatible way, but callers from the kadm5 libraries were changed to rely on the new behavior, Closes: #718275
  * Add symbols files for the kadm5 libraries. The KADM5 API version number was increased for the 1.11 release but the corresponding library sonames were not, so we must indicate the behavior change ourself, Closes: #716772
  [ Sam Hartman ]
  * krb5-kdc depends on libverto-libev1, work around for #652699
  * Remove krb5-kdc conflict since it's more than one release cycle old
  * Add Benjamin Kaduk to uploaders
 -- Sam Hartman <email address hidden> Sun, 25 Aug 2013 16:48:53 -0400
Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-6.1ubuntu1) saucy; urgency=low * Update config.{guess,sub} for Aarch64. -- Matthias Klose <email address hidden> Tue, 23 Jul 2013 22:15:04 +0200
krb5 (1.10.1+dfsg-6.1) unstable; urgency=low
  * Non-maintainer upload.
  * debian/patches/texinfo-doc-fix.diff: Fix FTBFS due to texinfo changes, thanks to Gianluigi Tiesi <email address hidden> (Closes: #708711)
 -- Laurent Bigonville <email address hidden> Fri, 05 Jul 2013 20:55:14 +0200
Available diffs
- diff from 1.10.1+dfsg-6 to 1.10.1+dfsg-6.1 (17.2 KiB)
krb5 (1.10.1+dfsg-6) unstable; urgency=high * Fix UDP ping-pong in kpasswd server [CVE-2002-2443], Closes: #708267 -- Sam Hartman <email address hidden> Tue, 14 May 2013 20:57:06 -0400
Available diffs
- diff from 1.10.1+dfsg-5 to 1.10.1+dfsg-6 (5.2 KiB)
krb5 (1.10.1+dfsg-5) unstable; urgency=high
  * Import workaround for getaddrinfo bug from upstream. Described in upstream's RT 7124, Closes: #704647
  * Correct CVE number for CVE-2012-1016 in changelog and patches, Closes: #703457
  * Import upstream's fix for CVE-2013-1416, Closes: #704775
 -- Benjamin Kaduk <email address hidden> Fri, 05 Apr 2013 14:36:50 -0400
Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-4+nmu1) unstable; urgency=high
  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-1016: null pointer dereference when handling a draft9 request (closes: #702633).
 -- Michael Gilbert <email address hidden> Fri, 15 Mar 2013 04:15:27 +0000
Available diffs
- diff from 1.10.1+dfsg-4 to 1.10.1+dfsg-4+nmu1 (889 bytes)
krb5 (1.10.1+dfsg-4) unstable; urgency=high * KDC null pointer dereference with PKINIT, CVE-2013-1415 -- Benjamin Kaduk <email address hidden> Fri, 15 Feb 2013 16:07:53 -0500
Available diffs
- diff from 1.10.1+dfsg-3 to 1.10.1+dfsg-4 (6.3 KiB)
krb5 (1.10.1+dfsg-3) unstable; urgency=low
  * Kadmind crash only triggered by admin users, cve-2012-1013, Closes: #687647
  * Don't unload GSS-API plugins to avoid crashing applications that use GSS-API on systems with plugins installed, Closes: #693741
 -- Sam Hartman <email address hidden> Mon, 19 Nov 2012 17:35:04 -0500
Available diffs
- diff from 1.10.1+dfsg-2 to 1.10.1+dfsg-3 (2.0 KiB)
krb5 (1.10.1+dfsg-2) unstable; urgency=high
  * MITKRB5-SA-2012-001 [CVE-2012-1014 CVE-2012-1015] KDC frees uninitialized pointers
  * Break libgssglue1 << 0.2-2 for multiarch, Closes: #680612
  * Don't free caller's principal in verify_init_creds, Closes: #512410
 -- Sam Hartman <email address hidden> Tue, 31 Jul 2012 08:20:09 -0400
Available diffs
- diff from 1.10.1+dfsg-1 to 1.10.1+dfsg-2 (2.9 KiB)
krb5 (1.10+dfsg~beta1-2ubuntu0.3) precise-security; urgency=low
  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - debian/patches/MITKRB5-SA-2012-001.patch: initialize pointers both at allocation and assignment time
    - CVE-2012-1015, CVE-2012-1014
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - debian/patches/krb5-CVE-2012-1013.patch: check for null password
    - CVE-2012-1013
  * SECURITY UPDATE: insufficient ACL checking on get_strings/set_string
    - debian/patches/krb5-CVE-2012-1012.patch: make the access controls for get_strings/set_string mirror those of get_principal/modify_principal
    - CVE-2012-1012
 -- Steve Beattie <email address hidden> Thu, 26 Jul 2012 14:29:35 -0700
krb5 (1.8.1+dfsg-2ubuntu0.11) lucid-security; urgency=low
  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c, src/lib/kdb/kdb_default.c: initialize pointers both at allocation and assignment time
    - CVE-2012-1015
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - src/lib/kadm5/srv/svr_principal.c: check for null password
    - CVE-2012-1013
 -- Steve Beattie <email address hidden> Mon, 23 Jul 2012 22:16:20 -0700
krb5 (1.8.3+dfsg-5ubuntu2.3) natty-security; urgency=low
  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c, src/lib/kdb/kdb_default.c: initialize pointers both at allocation and assignment time
    - CVE-2012-1015
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - src/lib/kadm5/srv/svr_principal.c: check for null password
    - CVE-2012-1013
 -- Steve Beattie <email address hidden> Mon, 23 Jul 2012 22:15:03 -0700
krb5 (1.9.1+dfsg-1ubuntu2.3) oneiric-security; urgency=low * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c, src/lib/kdb/kdb_default.c: initialize pointers both at allocation and assignment time - CVE-2012-1015 * SECURITY UPDATE: denial of service in kadmind (LP: #1009422) - src/lib/kadm5/srv/svr_principal.c: check for null password - CVE-2012-1013 -- Steve Beattie <email address hidden> Mon, 23 Jul 2012 22:14:04 -0700
krb5 (1.10+dfsg~beta1-2ubuntu0.2) precise-proposed; urgency=low * Re-introduce libkrb53 as a transitional package to libkrb5-3. Also revert the Conflicts against libkrb53 to the old versioned Break/Replaces. (LP: #1007314) -- Stephane Graber <email address hidden> Wed, 18 Jul 2012 17:41:48 -0400
krb5 (1.10+dfsg~beta1-2ubuntu0.1) precise-proposed; urgency=low * debian/patches/preauth-context.patch: fix preauth context initialisation (LP: #988520). -- Robie Basak <email address hidden> Tue, 15 May 2012 02:33:57 +0000
Superseded in quantal-release |
krb5 (1.10.1+dfsg-1) unstable; urgency=low * New Upstream Version - Set display_name in gss_get_name_attribute, Closes: #658514 * Fix use counts on preauthentication, Closes: #670457 * Fix kadmin access controls, Closes: #670918 * Accept NMU with longer hostname, Closes: #657027 * Fix history from old databases, Closes: #660869 * Fix gcc 4.6.2 may be used uninitialized warnings/errors, Closes: #672075 * Check all keys in keytab for verifying credentials, Possibly fixes: #669127 * Avoid multi-arch libpath in krb5-config, Closes: #642229 * Debconf translations: - Turkish debconf Translation, Thanks Atila KOC, Closes: #659072 - Polish, thanks Michal/ Kul/ach, Closes: #658437 -- Sam Hartman <email address hidden> Thu, 10 May 2012 16:32:13 -0400
Available diffs
- diff from 1.10+dfsg~beta1-2 to 1.10.1+dfsg-1 (98.8 KiB)
krb5 (1.10+dfsg~beta1-2) unstable; urgency=low * Oops, actually fix build flags, Closes: #655248 -- Sam Hartman <email address hidden> Fri, 13 Jan 2012 17:39:34 -0500
Superseded in precise-release |
krb5 (1.10+dfsg~alpha2-1) unstable; urgency=low * New upstream Version -- Sam Hartman <email address hidden> Tue, 27 Dec 2011 06:02:35 -0500
Superseded in precise-release |
krb5 (1.10+dfsg~alpha1-6ubuntu1) precise; urgency=low * fix LP: #907227 - Drop Breaks on libsmbclient to 2:3.5.11~dfsg-4ubuntu3 since that will be the version in Ubuntu which would be built against the version of libkrb5-3 with the private symbols (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650541) - update debian/control * Mark Debian Vcs-* entries as XS-Debian-Vcs-* - update debian/control -- Micah Gersten <email address hidden> Wed, 21 Dec 2011 03:50:56 -0600
krb5 (1.9.1+dfsg-1ubuntu2.2) oneiric-security; urgency=low * SECURITY UPDATE: fix kdc denial of service issue: - src/kdc/do_tgs_req.c: check for NULL pointer after calling find_alternate_tgs() - src/kdc/Makefile.in, src/kdc/t_emptytgt.py: add testcase - applied inline - CVE-2011-1530, MITKRB5-SA-2011-007 -- Steve Beattie <email address hidden> Fri, 02 Dec 2011 11:01:02 -0800
Superseded in precise-release |
krb5 (1.10+dfsg~alpha1-6) unstable; urgency=low * Fix segfault with unknown hostnames in krb5_sname_to_principal, Closes: #650671 * Indicate that this library breaks libsmbclient versions that depend on krb5_locate_kdc, Closes: #650603, #650611 -- Sam Hartman <email address hidden> Thu, 01 Dec 2011 19:34:41 -0500
Superseded in precise-release |
krb5 (1.9.1+dfsg-3ubuntu1) precise; urgency=low * Merge from Debian testing, remaining changes: - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c, ldap/libkdb_ldap/lockout.c: + more strict checking for null pointers + disable assert and return when db is locked + applied inline - CVE-2011-1527, CVE-2011-1528, and CVE-2011-1529 * Dropped changes, included in Debian: - Build for multiarch, with pre-depends on multi-arch support virtual package. - Add Breaks: on old versions of external packages (i.e., sssd) using /usr/lib/krb5 due to the path transition - src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow clients to work against older versions of KDCs that don't support the "canonicalize" option. -- Steve Langasek <email address hidden> Sun, 13 Nov 2011 18:24:17 -0800
Superseded in oneiric-updates |
Superseded in precise-release |
Deleted in oneiric-proposed (Reason: moved to -updates) |
krb5 (1.9.1+dfsg-1ubuntu2.1) oneiric-proposed; urgency=low * src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow clients to work against older versions of KDCs that don't support the "canonicalize" option. LP: #874130. -- Steve Langasek <email address hidden> Tue, 18 Oct 2011 18:40:10 -0700
Superseded in oneiric-proposed |
krb5 (1.9.1+dfsg-1ubuntu2) oneiric-proposed; urgency=low * src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow clients to work against older versions of KDCs that don't support the "canonicalize" option. LP: #874130. -- Steve Langasek <email address hidden> Fri, 14 Oct 2011 15:00:48 -0700
krb5 (1.8.1+dfsg-2ubuntu0.10) lucid-security; urgency=low * SECURITY UPDATE: fix multiple kdc DoS issues: - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c, ldap/libkdb_ldap/lockout.c: + more strict checking for null pointers + disable assert and return when db is locked + applied inline from upstream - CVE-2011-1528 and CVE-2011-1529 - MITKRB5-SA-2011-006 -- Steve Beattie <email address hidden> Tue, 11 Oct 2011 06:52:21 -0700
krb5 (1.8.1+dfsg-5ubuntu0.8) maverick-security; urgency=low * SECURITY UPDATE: fix multiple kdc DoS issues: - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c, ldap/libkdb_ldap/lockout.c: + more strict checking for null pointers + disable assert and return when db is locked + applied inline from upstream - CVE-2011-1528 and CVE-2011-1529 - MITKRB5-SA-2011-006 -- Steve Beattie <email address hidden> Tue, 11 Oct 2011 06:52:39 -0700
krb5 (1.8.3+dfsg-5ubuntu2.2) natty-security; urgency=low * SECURITY UPDATE: fix multiple kdc DoS issues: - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c, ldap/libkdb_ldap/lockout.c: + more strict checking for null pointers + disable assert and return when db is locked + applied inline - CVE-2011-1528 and CVE-2011-1529 - MITKRB5-SA-2011-006 -- Steve Beattie <email address hidden> Mon, 10 Oct 2011 15:23:12 -0700
krb5 (1.9.1+dfsg-1ubuntu1.1) oneiric-security; urgency=low * SECURITY UPDATE: fix multiple kdc DoS issues: - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c, ldap/libkdb_ldap/lockout.c: + more strict checking for null pointers + disable assert and return when db is locked + applied inline - CVE-2011-1527, CVE-2011-1528, and CVE-2011-1529 * -- Steve Beattie <email address hidden> Mon, 10 Oct 2011 11:11:47 -0700
krb5 (1.9.1+dfsg-1ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: - Build for multiarch, with pre-depends on multi-arch support virtual package. - Add Breaks: on old versions of external packages (i.e., sssd) using /usr/lib/krb5 due to the path transition
Superseded in oneiric-release |
krb5 (1.9+dfsg-1ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: - Build for multiarch, with pre-depends on multi-arch support virtual package. - Add Breaks: on old versions of external packages (i.e., sssd) using /usr/lib/krb5 due to the path transition.
krb5 (1.7dfsg~beta3-1ubuntu0.13) karmic-security; urgency=low * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized pointer. - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream. - CVE-2011-0285 - MITKRB5-SA-2011-004 -- Kees Cook <email address hidden> Mon, 18 Apr 2011 15:40:41 -0700
krb5 (1.8.1+dfsg-2ubuntu0.9) lucid-security; urgency=low * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized pointer. - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream. - CVE-2011-0285 - MITKRB5-SA-2011-004 -- Kees Cook <email address hidden> Mon, 18 Apr 2011 15:40:24 -0700
krb5 (1.8.1+dfsg-5ubuntu0.7) maverick-security; urgency=low * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized pointer. - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream. - CVE-2011-0285 - MITKRB5-SA-2011-004 -- Kees Cook <email address hidden> Mon, 18 Apr 2011 15:40:00 -0700
krb5 (1.8.3+dfsg-5ubuntu2.1) natty-security; urgency=low * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized pointer. - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream. - CVE-2011-0285 - MITKRB5-SA-2011-004 -- Kees Cook <email address hidden> Mon, 18 Apr 2011 15:38:18 -0700
krb5 (1.8.3+dfsg-5ubuntu2) natty; urgency=low * FFe LP: #733501 * Build for multiarch, with pre-depends on multiarch-support virtual package. * Add Breaks: on old versions of external packages (i.e., sssd) using /usr/lib/krb5 due to the path transition. -- Steve Langasek <email address hidden> Sat, 19 Mar 2011 04:15:00 -0700
Superseded in natty-release |
krb5 (1.8.3+dfsg-5ubuntu1) natty; urgency=low * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT capability is used. - src/kdc/do_as_req.c: clear fields on allocation; applied inline, thanks to upstream - CVE-2011-0284 - MITKRB5-SA-2011-003 -- Steve Beattie <email address hidden> Tue, 15 Mar 2011 10:40:43 -0700
Superseded in natty-release |
krb5 (1.8.3+dfsg-5) unstable; urgency=low * KDC/LDAP DOS (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282), Closes: #613487 * Fix delegation of credentials against Windows servers; significant interoperability issue, Closes: #611906 * Set nt-srv-inst on TGS names to work against W2K8R2 KDCs, Closes: #616429 * Don't fail authentication when PAC verification fails; support hmac-md5 checksums even for non-RC4 keys, Closes: #616728 -- Chuck Short <email address hidden> Tue, 15 Mar 2011 11:21:57 +0000
krb5 (1.8.1+dfsg-2ubuntu0.8) lucid-security; urgency=low * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT capability is used. - src/kdc/do_as_req.c: clear fields on allocation; applied inline, thanks to upstream - CVE-2011-0284 - MITKRB5-SA-2011-003 -- Steve Beattie <email address hidden> Mon, 14 Mar 2011 16:01:50 -0700
krb5 (1.8.1+dfsg-5ubuntu0.6) maverick-security; urgency=low * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT capability is used. - src/kdc/do_as_req.c: clear fields on allocation; applied inline, thanks to upstream - CVE-2011-0284 - MITKRB5-SA-2011-003 -- Steve Beattie <email address hidden> Mon, 14 Mar 2011 15:46:36 -0700
krb5 (1.7dfsg~beta3-1ubuntu0.12) karmic-security; urgency=low * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT capability is used. - src/kdc/do_as_req.c: clear fields on allocation; applied inline, thanks to upstream - CVE-2011-0284 - MITKRB5-SA-2011-003 -- Steve Beattie <email address hidden> Mon, 14 Mar 2011 15:38:57 -0700