krb5 1.12+dfsg-2ubuntu5.4 source package in Ubuntu
Changelog
krb5 (1.12+dfsg-2ubuntu5.4) trusty-security; urgency=medium
* SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
- debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
- CVE-2015-8629
* SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
with a NULL policy name
- debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
- CVE-2015-8630
* SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
principal name
- debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
- CVE-2015-8631
* SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
modify a principal
- debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
empty arg
- CVE-2016-3119
* SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
- debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
is restricted
- CVE-2016-3120
* SECURITY UPDATE: KDC assertion failure
- debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
assertion failures
- debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
- CVE-2017-11368
* SECURITY UPDATE: Double free vulnerability
- debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
failure
- CVE-2017-11462
* SECURITY UPDATE: Authenticated kadmin with permission to add principals
to an LDAP Kerberos can DoS or bypass DN container check.
- debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
checking
- CVE-2018-5729
- CVE-2018-5730
-- Eduardo Barretto <email address hidden> Wed, 09 Jan 2019 14:01:22 -0200
Upload details
- Uploaded by:
- Eduardo Barretto
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | updates | main | net | |
| Trusty | security | main | net |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| krb5_1.12+dfsg.orig.tar.gz | 11.2 MiB | 8ff375113692946790aea5b246b14609c1d21e9017c920ab129452415dc69dfa |
| krb5_1.12+dfsg-2ubuntu5.4.debian.tar.gz | 152.4 KiB | 9307f54b2a641e2e1584fc047a06283b7c838fd5f71cdf99ab0d5088b0b9bde8 |
| krb5_1.12+dfsg-2ubuntu5.4.dsc | 3.2 KiB | b70e18475e66c10861636b19ffc0a24bb3387b7a0e4f7659ad54d021fad4356d |
Available diffs
Binary packages built by this source
- krb5-admin-server: MIT Kerberos master server (kadmind)
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the Kerberos master server (kadmind), which handles
account creations and deletions, password changes, and other
administrative commands via the Kerberos admin protocol. It also
contains the command used by the master KDC to propagate its database to
slave KDCs. This package is generally only used on the master KDC for a
Kerberos realm.
- krb5-admin-server-dbgsym: debug symbols for package krb5-admin-server
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the Kerberos master server (kadmind), which handles
account creations and deletions, password changes, and other
administrative commands via the Kerberos admin protocol. It also
contains the command used by the master KDC to propagate its database to
slave KDCs. This package is generally only used on the master KDC for a
Kerberos realm.
- krb5-doc: Documentation for MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the installation, administrator, and user reference
manuals for MIT Kerberos and the man pages for the MIT Kerberos
configuration files.
- krb5-gss-samples: MIT Kerberos GSS Sample applications
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains bgss-sample and gss-server, programs used to
test GSS-API mechanisms. These programs are most commonly used in
testing newly developed GSS-API mechanisms or in testing events
between Kerberos or GSS implementations.
- krb5-gss-samples-dbgsym: debug symbols for package krb5-gss-samples
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains bgss-sample and gss-server, programs used to
test GSS-API mechanisms. These programs are most commonly used in
testing newly developed GSS-API mechanisms or in testing events
between Kerberos or GSS implementations.
- krb5-kdc: MIT Kerberos key server (KDC)
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the Kerberos key server (KDC). The KDC manages all
authentication credentials for a Kerberos realm, holds the master keys
for the realm, and responds to authentication requests. This package
should be installed on both master and slave KDCs.
- krb5-kdc-dbgsym: debug symbols for package krb5-kdc
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the Kerberos key server (KDC). The KDC manages all
authentication credentials for a Kerberos realm, holds the master keys
for the realm, and responds to authentication requests. This package
should be installed on both master and slave KDCs.
- krb5-kdc-ldap: MIT Kerberos key server (KDC) LDAP plugin
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the LDAP plugin for the Kerberos key server (KDC)
and supporting utilities. This plugin allows the KDC data to be stored
in an LDAP server rather than the default local database. It should be
installed on both master and slave KDCs that use LDAP as a storage
backend.
- krb5-kdc-ldap-dbgsym: debug symbols for package krb5-kdc-ldap
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the LDAP plugin for the Kerberos key server (KDC)
and supporting utilities. This plugin allows the KDC data to be stored
in an LDAP server rather than the default local database. It should be
installed on both master and slave KDCs that use LDAP as a storage
backend.
- krb5-locales: Internationalization support for MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains internationalized messages for MIT Kerberos.
- krb5-multidev: Development files for MIT Kerberos without Heimdal conflict
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
Most users wishing to build applications against MIT Kerberos should
install libkrb5-dev. However, that package conflicts with heimdal-dev.
This package installs libraries and headers in /usr/include/mit-krb5 and
/usr/lib/mit-krb5 and can be installed along side heimdal-multidev, which
provides the same facilities for Heimdal.
- krb5-otp: OTP plugin for MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains a plugin for the OTP preauthentication method
(RFC 6560), which allows Kerberos tickets to be obtained using
One-Time Password authentication. This plugin is for use on the KDC; the
client support is built in to libkrb5.
- krb5-otp-dbgsym: debug symbols for package krb5-otp
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains a plugin for the OTP preauthentication method
(RFC 6560), which allows Kerberos tickets to be obtained using
One-Time Password authentication. This plugin is for use on the KDC; the
client support is built in to libkrb5.
- krb5-pkinit: PKINIT plugin for MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains a plugin for the PKINIT protocol, which allows
Kerberos tickets to be obtained using public-key credentials such as
X.509 certificates or a smart card. This plugin can be used by the
client libraries and the KDC.
- krb5-pkinit-dbgsym: debug symbols for package krb5-pkinit
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains a plugin for the PKINIT protocol, which allows
Kerberos tickets to be obtained using public-key credentials such as
X.509 certificates or a smart card. This plugin can be used by the
client libraries and the KDC.
- krb5-user: Basic programs to authenticate using MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the basic programs to authenticate to MIT Kerberos,
change passwords, and talk to the admin server (to create and delete
principals, list principals, etc.).
- krb5-user-dbgsym: debug symbols for package krb5-user
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the basic programs to authenticate to MIT Kerberos,
change passwords, and talk to the admin server (to create and delete
principals, list principals, etc.).
- libgssapi-krb5-2: MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library for the MIT Kerberos
implementation of GSS-API used by applications and Kerberos clients.
- libgssapi-krb5-2-dbgsym: debug symbols for package libgssapi-krb5-2
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library for the MIT Kerberos
implementation of GSS-API used by applications and Kerberos clients.
- libgssrpc4: MIT Kerberos runtime libraries - GSS enabled ONCRPC
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains an RPC library used by the Kerberos administrative
programs and potentially other applications.
- libgssrpc4-dbgsym: debug symbols for package libgssrpc4
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains an RPC library used by the Kerberos administrative
programs and potentially other applications.
- libk5crypto3: MIT Kerberos runtime libraries - Crypto Library
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime cryptography libraries used by
applications and Kerberos clients.
- libk5crypto3-dbgsym: debug symbols for package libk5crypto3
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime cryptography libraries used by
applications and Kerberos clients.
- libkadm5clnt-mit9: MIT Kerberos runtime libraries - Administration Clients
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library used by clients of the Kerberos
administration protocol.
- libkadm5clnt-mit9-dbgsym: debug symbols for package libkadm5clnt-mit9
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library used by clients of the Kerberos
administration protocol.
- libkadm5srv-mit8: transitional dummy package for libkadm5srv-mit9
This transitional dummy package is safe to remove.
- libkadm5srv-mit9: MIT Kerberos runtime libraries - KDC and Admin Server
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library used by Kerberos administrative
servers.
- libkadm5srv-mit9-dbgsym: debug symbols for package libkadm5srv-mit9
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library used by Kerberos administrative
servers.
- libkdb5-7: MIT Kerberos runtime libraries - Kerberos database
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the internal Kerberos database libraries.
- libkdb5-7-dbgsym: debug symbols for package libkdb5-7
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the internal Kerberos database libraries.
- libkrad-dev: MIT Kerberos RADIUS Library Development
This package includes development headers for libkrad0, the MIT
Kerberos RADIUS library. You should not use this RADIUS library in
packages unrelated to MIT Kerberos.
- libkrad0: MIT Kerberos runtime libraries - RADIUS library
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the internal support library for RADIUS functionality.
- libkrad0-dbgsym: debug symbols for package libkrad0
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the internal support library for RADIUS functionality.
- libkrb5-3: MIT Kerberos runtime libraries
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library for the main Kerberos v5 API
used by applications and Kerberos clients.
- libkrb5-3-dbgsym: debug symbols for package libkrb5-3
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the runtime library for the main Kerberos v5 API
used by applications and Kerberos clients.
- libkrb5-dbg: Debugging files for MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the debugging information for the MIT Kerberos
libraries. Install this package if you need to trace problems inside the
MIT Kerberos libraries with a debugger.
- libkrb5-dev: Headers and development libraries for MIT Kerberos
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains the symlinks, headers, and development libraries
needed to compile and link programs that use the Kerberos libraries.
- libkrb5support0: MIT Kerberos runtime libraries - Support library
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains an internal runtime support library used by other
Kerberos libraries.
- libkrb5support0-dbgsym: debug symbols for package libkrb5support0
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
.
This is the MIT reference implementation of Kerberos V5.
.
This package contains an internal runtime support library used by other
Kerberos libraries.
