lp:ubuntu/edgy-security/krb5

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

15. By Kees Cook on 2008-03-18

* SECURITY UPDATE: arbitrary code execution via freed pointer and memory
  overflows.
* src/kdc/{kerberos_v4,dispatch,network}.c: backported upstream fixes
  patched inline (MITKRB5-SA-2008-001: CVE-2008-0062, CVE-2008-0063).
* src/lib/rpc/{svc,svc_tcp}.c: upstream fixed patched inline
  (MITKRB5-SA-2008-002: CVE-2008-0947)

14. By Kees Cook on 2007-09-06

* SECURITY UPDATE: 32 byte stack overflow in rpcsec_gss.
* src/lib/rpc/svc_auth_gss.c: new upstream changes, patched inline.
* References
  MIT-SA-2007-06
  CVE-2007-4743

13. By Kees Cook on 2007-09-04

* SECURITY UPDATE: stack overflow in rpcsec_gss.
* src/lib/rpc/svc_auth_gss.c: upstream changes patched inline.
* References
  MIT-SA-2007-06
  CVE-2007-3999

12. By Kees Cook on 2007-06-19

* SECURITY UPDATE: multiple remote code execution vectors.
* src/lib/rpc/svc_auth_{gssapi,unix}.c: backported upstream fixes for
  MITKRB5-SA-2007-004 (CVE-2007-2442, CVE-2007-2443).
* src/kadmin/server/server_stubs.c: backported upstream fixes for
  MITKRB5-SA-2007-005 (CVE-2007-2798).

11. By Kees Cook on 2007-04-03

* SECURITY UPDATE: arbitrary login via telnet, arbitrary code execution
  via syslog buffer overflows, and heap corruption via GSS api.
* src/appl/telnet/telnetd/{state,sys_term}.c: MIT-SA-2007-1 fix from
  upstream (CVE-2007-0956).
* src/lib/kadm5/logger.c: MIT-SA-2007-2 fix from Debian, based on
  upstream fixes (CVE-2007-0957).
* src/lib/gssapi/krb5/k5unseal.c: MIT-SA-2007-3 fix from upstream
  (CVE-2007-1216).
* References
  http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt
  http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
  http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt

10. By Martin Pitt on 2007-01-15

* SECURITY UPDATE: Remote privilege escalation.
* src/lib/rpc/svc.c:
  - Do not call an uninitialized pointer.
  - Patch provided by upstream.
  - References:
    CVE-2006-6143
    http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt

9. By Martin Pitt on 2006-09-20

src/include/k5-thread.h: Define__USE_GNU when #include'ing pthread.h so
that src/util/support/threads.c has pthread_mutexattr_setrobust_np()
available. Fixes FTBFS.

8. By Sam Hartman on 2006-08-06

* Add error checking to setuid, setreuid to avoid local privilege
  escalation ; fixes krb5-sa-2006-1, CVE-2006-3084, CVE-2006-3083
* Update standards version to 3.7.2 (no changes required).
* Translation updates.
  - Russian, thanks Yuri Kozlov. (Closes: #380303)

7. By Russ Allbery on 2006-04-15

* Fix double free caused by a zero-length keytab. Thanks, Steve
  Langasek. (Closes: #344295)
* Fix segfault in krb5_kuserok if the local name doesn't correspond to a
  local account. (Discovered in bug #354133.)
* Build a separate libkrb5-dbg package containing the detached debugging
  information for libkrb53 and libkadm55.
* Update debhelper compatibility level to V5 since the dh_strip behavior
  around debug packages changes in V5 and we should use the current
  interface from the beginning.
* Translation updates.
  - Dutch, thanks Vincent Zweije. (Closes: #360444)
  - Galician, thanks Jacobo Tarrio. (Closes: #361809)

6. By Sam Hartman on 2005-12-25

* Configure with --enable-shared --enable-static so that libkrb5-dev
  gets static libraries.
* Fix double free in getting credentials, Closes: #344543