UbuntuUpdates.org

Package "libkadm5srv-mit9"

Name: libkadm5srv-mit9

Description:

MIT Kerberos runtime libraries - KDC and Admin Server

Latest version: 1.13.2+dfsg-5ubuntu2.1
Release: xenial (16.04)
Level: updates
Repository: main
Head package: krb5
Homepage: http://web.mit.edu/kerberos/

Links

Save this URL for the latest version of "libkadm5srv-mit9": https://www.ubuntuupdates.org/libkadm5srv-mit9


Download "libkadm5srv-mit9"


Other versions of "libkadm5srv-mit9" in Xenial

Repository Area Version
base main 1.13.2+dfsg-5
security main 1.13.2+dfsg-5ubuntu2.1

Changelog

Version: 1.13.2+dfsg-5ubuntu2.1 2019-01-14 23:06:34 UTC

  krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden> Fri, 11 Jan 2019 13:46:00 -0200

Source diff to previous version
CVE-2016-3119 The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through
CVE-2016-3120 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.
CVE-2017-11368 In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requ
CVE-2017-11462 Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of securi
CVE-2018-5729 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NUL
CVE-2018-5730 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership

Version: 1.13.2+dfsg-5ubuntu2 2017-02-02 19:06:44 UTC

  krb5 (1.13.2+dfsg-5ubuntu2) xenial; urgency=medium

  * Fix segfault in context_handle (LP: #1648901).
    - d/p/check_internal_context_on_init_context_errors.patch:
    Cherry picked patch from upstream VCS.

 -- Eric Desrochers <email address hidden> Mon, 16 Jan 2017 15:06:57 +0100

Source diff to previous version
1648901 SPNEGO crash on mechanism failure

Version: 1.13.2+dfsg-5ubuntu1 2017-01-23 17:06:49 UTC

  krb5 (1.13.2+dfsg-5ubuntu1) xenial; urgency=medium

  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

 -- Steve Langasek <email address hidden> Mon, 21 Nov 2016 17:28:15 -0800

1643708 Add SPNEGO special case for NTLMSSP+MechListMIC



About   -   Send Feedback to @ubuntu_updates