UbuntuUpdates.org

Package "krb5-pkinit"

Name: krb5-pkinit

Description:

PKINIT plugin for MIT Kerberos

Latest version: 1.12+dfsg-2ubuntu5.4
Release: trusty (14.04)
Level: security
Repository: universe
Head package: krb5
Homepage: http://web.mit.edu/kerberos/

Other versions of "krb5-pkinit" in Trusty

Repository  Area      Version
base        universe  1.12+dfsg-2ubuntu4
updates     universe  1.12+dfsg-2ubuntu5.4

Changelog

Version: 1.12+dfsg-2ubuntu5.4 2019-01-10 20:07:32 UTC

  krb5 (1.12+dfsg-2ubuntu5.4) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden> Wed, 09 Jan 2019 14:01:22 -0200

CVE-2015-8629 The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verif
CVE-2015-8630 The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.
CVE-2015-8631 Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote aut
CVE-2016-3119 The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through
CVE-2016-3120 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.
CVE-2017-11368 In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requ
CVE-2017-11462 Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of securi
CVE-2018-5729 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NUL
CVE-2018-5730 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership

Version: 1.12+dfsg-2ubuntu5.2 2015-11-12 18:08:07 UTC

  krb5 (1.12+dfsg-2ubuntu5.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

 -- Marc Deslauriers Wed, 11 Nov 2015 09:08:08 -0500

CVE-2014-5355 MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' charac
CVE-2015-5355 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via t
CVE-2015-2694 The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validat
CVE-2015-2695 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to
CVE-2015-2696 lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a
CVE-2015-2697 The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a den
CVE-2015-2698 memory corruption caused due to original patch for CVE-2015-2696

Version: 1.12+dfsg-2ubuntu5.1 2015-02-10 21:07:27 UTC

  krb5 (1.12+dfsg-2ubuntu5.1) trusty-security; urgency=medium

  * SECURITY UPDATE: ticket forging via old keys
    - debian/patches/CVE-2014-5321.patch: return only new keys in
      src/lib/kadm5/srv/svr_principal.c.
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion
      in src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in
      src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in
      src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in
      src/lib/gssapi/mechglue/mglueP.h, src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423

 -- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 15:26:22 -0500

CVE-2014-5321 FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to s
CVE-2014-5353 The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when
CVE-2014-5354 plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote au

Version: 1.12+dfsg-2ubuntu4.2 2014-08-11 14:06:43 UTC

  krb5 (1.12+dfsg-2ubuntu4.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid tokens
    - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
      src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - debian/patches/CVE-2014-4343.patch: fix double-free in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - debian/patches/CVE-2014-4344.patch: validate REMAIN in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in
    kadmind with LDAP backend
    - debian/patches/CVE-2014-4345.patch: fix off-by-one in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
    - CVE-2014-4345

 -- Marc Deslauriers <email address hidden> Fri, 08 Aug 2014 14:58:49 -0400

CVE-2014-4341 MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...
CVE-2014-4342 MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...
CVE-2014-4343 double-free in SPNEGO initiators
CVE-2014-4344 NULL dereference in GSSAPI servers
CVE-2014-4345 buffer overrun in kadmind


