Package "krb5"

Name: krb5


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Documentation for MIT Kerberos
  • Internationalization support for MIT Kerberos
  • Development files for MIT Kerberos without Heimdal conflict
  • MIT Kerberos runtime libraries - krb5 GSS-API Mechanism

Latest version: 1.12+dfsg-2ubuntu5.4
Release: trusty (14.04)
Level: updates
Repository: main


Other versions of "krb5" in Trusty

Repository Area Version
base main 1.12+dfsg-2ubuntu4
base universe 1.12+dfsg-2ubuntu4
security main 1.12+dfsg-2ubuntu5.4
security universe 1.12+dfsg-2ubuntu5.4
updates universe 1.12+dfsg-2ubuntu5.4

Packages in group

Deleted packages are displayed in grey.


Version: 1.12+dfsg-2ubuntu4.2 2014-08-11 15:06:33 UTC

  krb5 (1.12+dfsg-2ubuntu4.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid tokens
    - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
      src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - debian/patches/CVE-2014-4343.patch: fix double-free in
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - debian/patches/CVE-2014-4344.patch: validate REMAIN in
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in
    kadmind with LDAP backend
    - debian/patches/CVE-2014-4345.patch: fix off-by-one in
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden> Fri, 08 Aug 2014 14:58:49 -0400

CVE-2014-4341 MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...
CVE-2014-4342 MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...
CVE-2014-4343 double-free in SPNEGO initiators
CVE-2014-4344 NULL dereference in GSSAPI servers
CVE-2014-4345 buffer overrun in kadmind

About   -   Send Feedback to @ubuntu_updates