-
krb5 (1.3.6-1ubuntu0.2) hoary-security; urgency=low
* SECURITY UPDATE: root privilege escalation in systems which restrict the
number of per-user processes.
* Added: debian/patch.setuid_fixes
- verify return from setuid family of calls.
- applied patch inline (debian/rules does not apply patches automatically)
* CVE-2006-3083, CVE-2006-3084
-- Kees Cook <email address hidden> Thu, 10 Aug 2006 11:58:05 -0700
-
krb5 (1.3.6-1ubuntu0.1) hoary-security; urgency=low
* SECURITY UPDATE: Multiple buffer overflows.
* Fix buffer overflow in env_opt_add() in telnet clients. [CVE-2005-0468]
* Fix buffer overflow in the handling of the LINEMODE suboptions in
telnet clients. [CVE-2005-0469]
* Fix double free in krb5_recvauth(). [CVE-2005-1689]
* krb5_unparse_name overflows allocated storage by one byte on 0 element
principal name. [CVE-2005-1175, VU#885830]
* Do not free unallocated storage in the KDC's TCP request handling
path. [CVE-2005-1174, VU#259798]
-- Martin Pitt <email address hidden> Mon, 5 Dec 2005 16:39:04 +0100
-
krb5 (1.3.6-1) unstable; urgency=medium
* New upstream version
* Changing a password after the size of password history has been
reduced may double free or write past end of an array; fix
(CAN-2004-1189/ CERT VU#948033)
* Conflict between krb5-kdc and kerberos4kth-kdc; also deals with
krb5-admin-server conflict indirectly, Closes: #274763
-- Sam Hartman <email address hidden> Sun, 2 Jan 2005 15:55:25 -0500