Package "krb5"
Name: krb5
Description: This package is just an umbrella for a group of other packages; it has no description. Description samples from packages in group:
- Documentation for MIT Kerberos
- Internationalization support for MIT Kerberos
- Development files for MIT Kerberos without Heimdal conflict
- MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
Latest version: 1.10+dfsg~beta1-2ubuntu0.7
Release: precise (12.04)
Level: updates
Repository: main
Changelog
krb5 (1.10+dfsg~beta1-2ubuntu0.7) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via udp ping-pong
- debian/patches/CVE-2002-2443.patch: don't respond to improper packets
in src/kadmin/server/schpw.c.
- CVE-2002-2443
* SECURITY UPDATE: denial of service via incorrect null bytes
- d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
properly handle null bytes in src/appl/user_user/server.c,
src/lib/krb5/krb/recvauth.c.
- CVE-2015-5355
* SECURITY UPDATE: SPNEGO context aliasing bugs
- d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
src/lib/gssapi/spnego/spnego_mech.c.
- d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
in src/lib/gssapi/spnego/spnego_mech.c.
- CVE-2015-2695
* SECURITY UPDATE: IAKERB context aliasing bugs
- d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
- d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
src/lib/gssapi/krb5/iakerb.c.
- CVE-2015-2696
* SECURITY UPDATE: KDC crash via invalid string processing
- d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
- CVE-2015-2697
* SECURITY UPDATE: memory corruption in IAKERB context export/import
- d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
dereferencing the context_handle pointer before casting it in
and implement an IAKERB gss_import_sec_context() function
in src/lib/gssapi/krb5/gssapiP_krb5.h,
src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
- CVE-2015-2698
-- Marc Deslauriers Wed, 11 Nov 2015 09:16:52 -0500
CVE-2002-2443: schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses,
CVE-2014-5355: MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' charac
CVE-2015-5355: Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via t
CVE-2015-2695: lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to
CVE-2015-2696: lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a
CVE-2015-2697: The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a den
CVE-2015-2698: memory corruption caused due to original patch for CVE-2015-2696

krb5 (1.10+dfsg~beta1-2ubuntu0.6) precise-security; urgency=medium
* SECURITY UPDATE: ticket forging via old keys
- debian/patches/CVE-2014-5321.patch: return only new keys in
src/lib/kadm5/srv/svr_principal.c.
- CVE-2014-5321
* SECURITY UPDATE: use-after-free and double-free memory access
violations
- debian/patches/CVE-2014-5352.patch: properly handle context deletion
in src/lib/gssapi/krb5/context_time.c,
src/lib/gssapi/krb5/export_sec_context.c,
src/lib/gssapi/krb5/gssapiP_krb5.h,
src/lib/gssapi/krb5/gssapi_krb5.c,
src/lib/gssapi/krb5/inq_context.c,
src/lib/gssapi/krb5/k5seal.c,
src/lib/gssapi/krb5/k5sealiov.c,
src/lib/gssapi/krb5/k5unseal.c,
src/lib/gssapi/krb5/k5unsealiov.c,
src/lib/gssapi/krb5/lucid_context.c,
src/lib/gssapi/krb5/prf.c,
src/lib/gssapi/krb5/process_context_token.c,
src/lib/gssapi/krb5/wrap_size_limit.c.
- CVE-2014-5352
* SECURITY UPDATE: denial of service via LDAP query with no results
- debian/patches/CVE-2014-5353.patch: properly handle policy name in
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
- CVE-2014-5353
* SECURITY UPDATE: denial of service via database entry for a keyless
principal
- debian/patches/CVE-2014-5354.patch: support keyless principals in
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
- CVE-2014-5354
* SECURITY UPDATE: denial of service or code execution in kadmind XDR
data processing
- debian/patches/CVE-2014-9421.patch: fix double free in
src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
- CVE-2014-9421
* SECURITY UPDATE: impersonation attack via two-component server
principals
- debian/patches/CVE-2014-9422.patch: fix kadmind server validation in
src/kadmin/server/kadm_rpc_svc.c.
- CVE-2014-9422
* SECURITY UPDATE: gssrpc data leakage
- debian/patches/CVE-2014-9423.patch: fix leakage in
src/lib/rpc/svc_auth_gss.c.
- CVE-2014-9423
-- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 15:37:18 -0500
CVE-2014-5321: FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to s
CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when
CVE-2014-5354: plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote au

krb5 (1.10+dfsg~beta1-2ubuntu0.5) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted Draft 9 request
- debian/patches/CVE-2012-1016.patch: don't check for an agility KDF
identifier in src/plugins/preauth/pkinit/pkinit_srv.c.
- CVE-2012-1016
* SECURITY UPDATE: denial of service via malformed KRB5_PADATA_PK_AS_REQ
AS-REQ request
- debian/patches/CVE-2013-1415.patch: don't dereference null pointer
in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c.
- CVE-2013-1415
* SECURITY UPDATE: denial of service via crafted TGS-REQ request
- debian/patches/CVE-2013-1416.patch: don't pass null pointer to
strlcpy() in src/kdc/do_tgs_req.c.
- CVE-2013-1416
* SECURITY UPDATE: multi-realm denial of service via crafted request
- debian/patches/CVE-2013-1418.patch: don't dereference a null
pointer in src/kdc/main.c.
- CVE-2013-1418
- CVE-2013-6800
* SECURITY UPDATE: denial of service via invalid tokens
- debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
- CVE-2014-4341
- CVE-2014-4342
* SECURITY UPDATE: denial of service via double-free in SPNEGO
- debian/patches/CVE-2014-4343.patch: fix double-free in
src/lib/gssapi/spnego/spnego_mech.c.
- CVE-2014-4343
* SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
- debian/patches/CVE-2014-4344.patch: validate REMAIN in
src/lib/gssapi/spnego/spnego_mech.c.
- CVE-2014-4344
* SECURITY UPDATE: denial of service and possible code execution in
kadmind with LDAP backend
- debian/patches/CVE-2014-4345.patch: fix off-by-one in
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
- CVE-2014-4345
-- Marc Deslauriers <email address hidden> Fri, 08 Aug 2014 15:02:11 -0400
CVE-2012-1016: The pkinit_server_return_padata function in ...
CVE-2013-1415: The pkinit_check_kdc_pkid function in ...
CVE-2013-1416: The prep_reprocess_req function in do_tgs_req.c in the Key ...
CVE-2013-1418: The setup_server_realm function in main.c in the Key Distribution ...
CVE-2013-6800: An unspecified third-party database module for the Key Distribution ...
CVE-2014-4341: MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...
CVE-2014-4342: MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...
CVE-2014-4343: double-free in SPNEGO initiators
CVE-2014-4344: NULL dereference in GSSAPI servers
CVE-2014-4345: buffer overrun in kadmind

krb5 (1.10+dfsg~beta1-2ubuntu0.3) precise-security; urgency=low
* SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
- debian/patches/MITKRB5-SA-2012-001.patch: initialize pointers both
at allocation and assignment time
- CVE-2012-1015, CVE-2012-1014
* SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
- debian/patches/krb5-CVE-2012-1013.patch: check for null password
- CVE-2012-1013
* SECURITY UPDATE: insufficient ACL checking on get_strings/set_string
- debian/patches/krb5-CVE-2012-1012.patch: make the access
controls for get_strings/set_string mirror those of
get_principal/modify_principal
- CVE-2012-1012
-- Steve Beattie <email address hidden> Thu, 26 Jul 2012 14:29:35 -0700
1009422: (CVE-2012-1013) krb5 : kadmind denial of service
CVE-2012-1015: KDC frees uninitialized pointer
CVE-2012-1014: KDC dereferences uninitialized pointer
CVE-2012-1013: The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows re
CVE-2012-1012: server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) S

krb5 (1.10+dfsg~beta1-2ubuntu0.2) precise-proposed; urgency=low
* Re-introduce libkrb53 as a transitional package to libkrb5-3.
Also revert the Conflicts against libkrb53 to the old versioned
Break/Replaces. (LP: #1007314)
-- Stephane Graber <email address hidden> Wed, 18 Jul 2012 17:41:48 -0400
1007314: trying to upgrade from 11.10 to 12.04: The package 'postgresql-contrib-8.2' is marked for removal but it's in the removal blacklist