Change logs for krb5 source package in Xenial

  • krb5 (1.13.2+dfsg-5ubuntu2.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Unbounded recursion
        - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
          indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
        - CVE-2020-28196
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 11 Nov 2020 11:24:12 -0300
  • krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium
    
      * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
        modify a principal
        - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
          empty arg
        - CVE-2016-3119
      * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
        - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
          is restricted
        - CVE-2016-3120
      * SECURITY UPDATE: KDC assertion failure
        - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
          assertion failures
        - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
        - CVE-2017-11368
      * SECURITY UPDATE: Double free vulnerability
        - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
          failure
        - CVE-2017-11462
      * SECURITY UPDATE: Authenticated kadmin with permission to add principals
        to an LDAP Kerberos can DoS or bypass DN container check.
        - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
          checking
        - CVE-2018-5729
        - CVE-2018-5730
    
     -- Eduardo Barretto <email address hidden>  Fri, 11 Jan 2019 13:46:00 -0200
  • krb5 (1.13.2+dfsg-5ubuntu2) xenial; urgency=medium
    
      * Fix segfault in context_handle (LP: #1648901).
        - d/p/check_internal_context_on_init_context_errors.patch:
        Cherry picked patch from upstream VCS.
    
     -- Eric Desrochers <email address hidden>  Mon, 16 Jan 2017 15:06:57 +0100
  • krb5 (1.13.2+dfsg-5ubuntu1) xenial; urgency=medium
    
      * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
        Cherry-pick from upstream to add SPNEGO special case for
        NTLMSSP+MechListMIC.  LP: #1643708.
    
     -- Steve Langasek <email address hidden>  Mon, 21 Nov 2016 17:28:15 -0800
  • krb5 (1.13.2+dfsg-5) unstable; urgency=high
    
      * Security Update
      * Verify decoded kadmin C strings [CVE-2015-8629]
        CVE-2015-8629: An authenticated attacker can cause kadmind to read
        beyond the end of allocated memory by sending a string without a
        terminating zero byte. Information leakage may be possible for an
        attacker with permission to modify the database. (Closes: #813296)
      * Check for null kadm5 policy name [CVE-2015-8630]
        CVE-2015-8630: An authenticated attacker with permission to modify a
        principal entry can cause kadmind to dereference a null pointer by
        supplying a null policy value but including KADM5_POLICY in the mask.
        (Closes: #813127)
      * Fix leaks in kadmin server stubs [CVE-2015-8631]
        CVE-2015-8631: An authenticated attacker can cause kadmind to leak
        memory by supplying a null principal name in a request which uses one.
        Repeating these requests will eventually cause kadmind to exhaust all
        available memory. (Closes: #813126)
    
    
     -- Sam Hartman <email address hidden>  Tue, 23 Feb 2016 08:54:09 -0500
  • krb5 (1.13.2+dfsg-4) unstable; urgency=high
    
      * Import upstream patches fixing regressions in the previous upload:
        - CVE-2015-2698: the patch for CVE-2015-2696 caused memory corruption
          for applications calling gss_export_sec_context() on contexts
          established using the IAKERB mechanism.
        - Supply gss_import_sec_context implementations for SPNEGO and IAKERB,
          which were not implemented due to the erroneous belief that the
          exported context tokens would be tagged with the underlying
          context's mechanism.
    
     -- Benjamin Kaduk <email address hidden>  Wed, 04 Nov 2015 22:47:22 -0500
  • krb5 (1.13.2+dfsg-3) unstable; urgency=high
    
      * Import upstream patches for three CVEs:
        - CVE-2015-2695: SPNEGO context aliasing during establishment
        - CVE-2015-2696: IAKERB context aliasing during establishment
        - CVE-2015-2697: unsafe string handling in TGS processing
    
     -- Benjamin Kaduk <email address hidden>  Mon, 26 Oct 2015 14:03:52 -0400
  • krb5 (1.13.2+dfsg-2) unstable; urgency=medium
    
      * No-change rebuild to target unstable
    
     -- Benjamin Kaduk <email address hidden>  Thu, 25 Jun 2015 17:10:03 -0400