lp:~peter-pearse/ubuntu/natty/krb5/bootstrap1
- Get this branch:
- bzr branch lp:~peter-pearse/ubuntu/natty/krb5/bootstrap1
Branch information
- Owner:
- Peter Pearse
- Status:
- Development
Recent revisions
- 33. By Steve Beattie
-
* SECURITY UPDATE: kpropd denial of service via invalid network input
- src/slave/kpropd.c: don't return on kpropd child exit; applied
inline.
- CVE-2010-4022
- MITKRB5-SA-2011-001
* SECURITY UPDATE: kdc denial of service from unauthenticated remote
attackers
- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
applied inline
- CVE-2011-0281
- CVE-2011-0282
- MITKRB5-SA-2011-002
- 32. By Sam Hartman
-
Ignore PACs without a server signature generated by OS X Open
Directory rather than failing authentication, Closes: #604925
- 31. By Sam Hartman
-
* MITKRB5-SA-2010-007
* CVE-2010-1324: An unauthenticated attacker can inject arbitrary
content into an existing GSS connection that appears to be integrity
protected from the legitimate peer under some circumstances
* GSS applications may accept a PAC produced by an attacker as if it
were signed by a KDC
* CVE-2010-1323: attackers have a 1/256 chance of being able to
produce krb_safe messages that appear to be from legitimate remote
sources. Other than use in KDC database copies this may not be a
huge issue only because no one actually uses krb_safe
messages. Similarly, an attacker can force clients to display
challenge/response values of the attacker's choice.
* CVE-2010-4020: An attacker may be able to generate what is
accepted as an ad-signedpath or ad-kdc-issued checksum with 1/256
probability
* New Vietnamese debconf translations, Thanks Clytie Siddall,
Closes: #601533
* Update standards version to 3.9.1 (no changes required
- 30. By Sam Hartman
-
* MITKRB5-SA-2010-006 [CVE-2010-1322]: null pointer dereference in
kdc_authdata.c leading to KDC crash, Closes: #599237
* Fix two memory leaks in krb5_get_init_creds path; one of these memory
leaks is quite common for any application such as PAM or kinit that
gets initial credentials, thanks Bastian Blank, Closes: #598032
* Install doc/CHANGES only in krb5-doc, not in all packages, saves
several megabytes on most Debian systems, Closes: #599562
- 29. By Kees Cook
-
* SECURITY UPDATE: remote authenticated user denial of service.
- src/kdc/kdc_authdata.c: patched inline, thanks to upstream.
- CVE-2010-1322, MITKRB5-SA-2010-006
- 28. By Sam Hartman
-
* Ignore duplicate token sent in mechListMIC from Windows 2000 SPNEGO
(LP: #551901)
* krb5-admin-server starts after krb5-kdc, Closes: #583494
- 27. By Sam Hartman
-
* CVE-2010-1321 GSS-API accept sec context null pointer deref, Closes:
#582261
* Force use of bash for build, Closes: #581473
* Start slapd before krb5 when krb5-kdc-ldap installed, Closes:
#582122
- 26. By Sam Hartman
-
Fix crash in renewal and validation, Thanks Joel Johnson for such a
prompt bug report, Closes: #577490
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/krb5