lp:ubuntu/hardy-updates/krb5

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-updates/krb5
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

29. By Steve Beattie

* SECURITY UPDATE: kdc denial of service from unauthenticated remote
  attackers
  - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
    src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
    src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
    src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
    applied inline
  - CVE-2011-0281
  - CVE-2011-0282
  - MITKRB5-SA-2011-002

28. By Marc Deslauriers

* SECURITY UPDATE: message forgery and privilege escalation via
  unacceptable checksums
  - src/lib/crypto/krb/dk/derive.c, src/lib/crypto/krb/keyed_checksum_types.c,
    src/lib/krb5/krb/mk_safe.c, src/lib/krb5/krb/preauth2.c,
    src/plugins/preauth/pkinit/pkinit_srv.c: patched inline, thanks to
    upstream.
  - CVE-2010-1323
  - MITKRB5-SA-2010-007

27. By Kees Cook

* SECURITY UPDATE: unauthenticated remote attacker can crash kadmind.
  - debian/patches/MITKRB5-SA-2010-005: applied upstream fixes inline
  - CVE-2010-1321

26. By Kees Cook

* SECURITY UPDATE: unauthenticated remote KDC service crash.
  - debian/patches/MITKRB5-SA-2010-003 applied inline.
* SECURITY UPDATE: potential service crashes.
  - applied inline, from upstream svn:
    - debian/patches/CVE-2007-5901
    - debian/patches/CVE-2007-5902
    - debian/patches/CVE-2007-5971
    - debian/patches/CVE-2007-5972

25. By Kees Cook

* SECURITY UPDATE: unauthenticated remote attacker can crash or
  compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).
  - debian/patches/MITKRB5-SA-2009-004 applied inline.
  - http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt

24. By Kees Cook

* SECURITY UPDATE: denial of service via buffer overflows.
  - src/lib/gssapi/spnego/spnego_mech.c, src/lib/krb5/asn.1/asn1buf.c:
    GSS-API could be crashed remotely (MITKRB5-SA-2009-001: CVE-2009-0844,
    CVE-2009-0845, CVE-2009-0847).
  - src/lib/krb5/asn.1/asn1_decode.c: ASN.1 decoder freed uninitialized
    pointers (MITKRB5-SA-2009-002: CVE-2009-0846).

23. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via freed pointer and memory
  overflows.
* src/kdc/{kerberos_v4,dispatch,network}.c: upstream fixes patched inline
  (MITKRB5-SA-2008-001: CVE-2008-0062, CVE-2008-0063).
* src/lib/rpc/{svc,svc_tcp}.c: upstream fixes patched inline
  (MITKRB5-SA-2008-002: CVE-2008-0947).

22. By Sam Hartman

* Move pkinit into a new package krb5-pkinit. We don't want pkinit to
  always be installed because this pulls in an openssl dependency and
  most people don't need it. However we want the plugin available when
  needed. Closes: #444938
* I had hoped to wait for the upstream release, but that is being a bit slow.

21. By LaMont Jones

Trigger rebuild for hppa.

20. By Sam Hartman

* mit-sa-2007-6:
    - CVE 2007-3999 rpc library buffer overflow
    - CVE 2007-uninitialized kadmin pointer

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/krb5
This branch contains public information; everyone can see it.