lp:ubuntu/hardy-updates/krb5
- Get this branch: bzr branch lp:ubuntu/hardy-updates/krb5
Recent revisions
- 29. By Steve Beattie
  * SECURITY UPDATE: kdc denial of service from unauthenticated remote
    attackers
    - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
      src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
      applied inline
    - CVE-2011-0281
    - CVE-2011-0282
    - MITKRB5-SA-2011-002
- 28. By Marc Deslauriers
  * SECURITY UPDATE: message forgery and privilege escalation via
    unacceptable checksums
    - src/lib/crypto/krb/dk/derive.c, src/lib/crypto/krb/keyed_checksum_types.c,
      src/lib/krb5/krb/mk_safe.c, src/lib/krb5/krb/preauth2.c,
      src/plugins/preauth/pkinit/pkinit_srv.c: patched inline, thanks to
      upstream.
    - CVE-2010-1323
    - MITKRB5-SA-2010-007
- 27. By Kees Cook
  * SECURITY UPDATE: unauthenticated remote attacker can crash kadmind.
    - debian/patches/MITKRB5-SA-2010-005: applied upstream fixes inline
    - CVE-2010-1321
- 26. By Kees Cook
  * SECURITY UPDATE: unauthenticated remote KDC service crash.
    - debian/patches/MITKRB5-SA-2010-003 applied inline.
  * SECURITY UPDATE: potential service crashes.
    - applied inline, from upstream svn:
      - debian/patches/CVE-2007-5901
      - debian/patches/CVE-2007-5902
      - debian/patches/CVE-2007-5971
      - debian/patches/CVE-2007-5972
- 25. By Kees Cook
  * SECURITY UPDATE: unauthenticated remote attacker can crash or
    compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).
    - debian/patches/MITKRB5-SA-2009-004 applied inline.
    - http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt
- 24. By Kees Cook
  * SECURITY UPDATE: denial of service via buffer overflows.
    - src/lib/gssapi/spnego/spnego_mech.c, src/lib/krb5/asn.1/asn1buf.c:
      GSS-API could be crashed remotely (MITKRB5-SA-2009-001: CVE-2009-0844,
      CVE-2009-0845, CVE-2009-0847).
    - src/lib/krb5/asn.1/asn1_decode.c: ASN.1 decoder freed uninitialized
      pointers (MITKRB5-SA-2009-002: CVE-2009-0846).
- 23. By Kees Cook
  * SECURITY UPDATE: arbitrary code execution via freed pointer and memory
    overflows.
  * src/kdc/{kerberos_v4,dispatch,network}.c: upstream fixes patched inline
    (MITKRB5-SA-2008-001: CVE-2008-0062, CVE-2008-0063).
  * src/lib/rpc/{svc,svc_tcp}.c: upstream fixes patched inline
    (MITKRB5-SA-2008-002: CVE-2008-0947)
- 22. By Sam Hartman
  * Move pkinit into a new package krb5-pkinit. We don't want pkinit to
    always be installed because this pulls in an openssl dependency and
    most people don't need it. However, we want the plugin available when
    needed. Closes: #444938
  * I had hoped to wait for the upstream release, but that is being a bit slow.
- 20. By Sam Hartman
  * mit-sa-2007-6:
    - CVE 2007-3999 rpc library buffer overflow
    - CVE 2007-uninitialized kadmin pointer
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/lucid/krb5