lp:ubuntu/edgy-security/krb5
- Get this branch:
- bzr branch lp:ubuntu/edgy-security/krb5
Branch merges
Branch information
Recent revisions
- 15. By Kees Cook
-
* SECURITY UPDATE: arbitrary code execution via freed pointer and memory
overflows.
* src/kdc/{kerberos_ v4,dispatch, network} .c: backported upstream fixes
patched inline (MITKRB5-SA-2008- 001: CVE-2008-0062, CVE-2008-0063).
* src/lib/rpc/{svc, svc_tcp} .c: upstream fixed patched inline
(MITKRB5-SA-2008- 002: CVE-2008-0947) - 14. By Kees Cook
-
* SECURITY UPDATE: 32 byte stack overflow in rpcsec_gss.
* src/lib/rpc/svc_ auth_gss. c: new upstream changes, patched inline.
* References
MIT-SA-2007-06
CVE-2007-4743 - 13. By Kees Cook
-
* SECURITY UPDATE: stack overflow in rpcsec_gss.
* src/lib/rpc/svc_ auth_gss. c: upstream changes patched inline.
* References
MIT-SA-2007-06
CVE-2007-3999 - 12. By Kees Cook
-
* SECURITY UPDATE: multiple remote code execution vectors.
* src/lib/rpc/svc_ auth_{gssapi, unix}.c: backported upstream fixes for
MITKRB5-SA-2007- 004 (CVE-2007-2442, CVE-2007-2443).
* src/kadmin/server/ server_ stubs.c: backported upstream fixes for
MITKRB5-SA-2007- 005 (CVE-2007-2798). - 11. By Kees Cook
-
* SECURITY UPDATE: arbitrary login via telnet, arbitrary code execution
via syslog buffer overflows, and heap corruption via GSS api.
* src/appl/telnet/ telnetd/ {state, sys_term} .c: MIT-SA-2007-1 fix from
upstream (CVE-2007-0956).
* src/lib/kadm5/logger. c: MIT-SA-2007-2 fix from Debian, based on
upstream fixes (CVE-2007-0957).
* src/lib/gssapi/ krb5/k5unseal. c: MIT-SA-2007-3 fix from upstream
(CVE-2007-1216).
* References
http://web.mit. edu/kerberos/ www/advisories/ MITKRB5- SA-2007- 001-telnetd. txt
http://web.mit. edu/kerberos/ www/advisories/ MITKRB5- SA-2007- 002-syslog. txt
http://web.mit. edu/kerberos/ www/advisories/ MITKRB5- SA-2007- 003.txt - 10. By Martin Pitt
-
* SECURITY UPDATE: Remote privilege escalation.
* src/lib/rpc/svc.c:
- Do not call an uninitialized pointer.
- Patch provided by upstream.
- References:
CVE-2006-6143
http://web.mit. edu/kerberos/ www/advisories/ MITKRB5- SA-2006- 002-rpc. txt - 9. By Martin Pitt
-
src/include/
k5-thread. h: Define__USE_GNU when #include'ing pthread.h so
that src/util/support/ threads. c has pthread_ mutexattr_ setrobust_ np()
available. Fixes FTBFS. - 8. By Sam Hartman
-
* Add error checking to setuid, setreuid to avoid local privilege
escalation ; fixes krb5-sa-2006-1, CVE-2006-3084, CVE-2006-3083
* Update standards version to 3.7.2 (no changes required).
* Translation updates.
- Russian, thanks Yuri Kozlov. (Closes: #380303) - 7. By Russ Allbery
-
* Fix double free caused by a zero-length keytab. Thanks, Steve
Langasek. (Closes: #344295)
* Fix segfault in krb5_kuserok if the local name doesn't correspond to a
local account. (Discovered in bug #354133.)
* Build a separate libkrb5-dbg package containing the detached debugging
information for libkrb53 and libkadm55.
* Update debhelper compatibility level to V5 since the dh_strip behavior
around debug packages changes in V5 and we should use the current
interface from the beginning.
* Translation updates.
- Dutch, thanks Vincent Zweije. (Closes: #360444)
- Galician, thanks Jacobo Tarrio. (Closes: #361809) - 6. By Sam Hartman
-
* Configure with --enable-shared --enable-static so that libkrb5-dev
gets static libraries.
* Fix double free in getting credentials, Closes: #344543
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/krb5