lp:ubuntu/karmic-security/krb5
- Get this branch: bzr branch lp:ubuntu/karmic-security/krb5
Recent revisions
- 27. By Kees Cook
  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
    pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004
- 26. By Steve Beattie
  * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
    capability is used.
    - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
      thanks to upstream.
    - CVE-2011-0284
    - MITKRB5-SA-2011-003
- 25. By Steve Beattie
  * SECURITY UPDATE: kpropd denial of service via invalid network input.
    - src/slave/kpropd.c: don't return on kpropd child exit; applied
      inline.
    - CVE-2010-4022
    - MITKRB5-SA-2011-001
  * SECURITY UPDATE: kdc denial of service from unauthenticated remote
    attackers.
    - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
      src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
      applied inline.
    - CVE-2011-0281
    - CVE-2011-0282
    - MITKRB5-SA-2011-002
- 24. By Marc Deslauriers
  * SECURITY UPDATE: message forgery and privilege escalation via
    unacceptable checksums.
    - src/lib/crypto/krb/dk/derive.c, src/lib/crypto/krb/keyed_checksum_types.c,
      src/lib/gssapi/krb5/util_crypt.c, src/lib/krb5/krb/mk_safe.c,
      src/lib/krb5/krb/pac.c, src/lib/krb5/krb/preauth2.c,
      src/plugins/preauth/pkinit/pkinit_srv.c: patched inline, thanks to
      upstream.
    - CVE-2010-1323
    - CVE-2010-1324
    - MITKRB5-SA-2010-007
  * SECURITY UPDATE: client impersonation via KrbFastReq forgery issue.
    - src/kdc/fast_util.c: patched inline.
    - CVE-2010-4021
- 23. By Kees Cook
  * SECURITY UPDATE: unauthenticated remote attack can crash kdc.
    - debian/patches/MITKRB5-SA-2010-004: applied upstream fixes inline.
    - CVE-2010-1320
  * SECURITY UPDATE: unauthenticated remote attacker can crash kadmind.
    - debian/patches/MITKRB5-SA-2010-005: applied upstream fixes inline.
    - CVE-2010-1321
- 22. By Kees Cook
  * SECURITY UPDATE: unauthenticated remote service crash.
    - src/kdc/{do_as_req,do_tgs_req,fast_util}.c: back-ported upstream
      fixes from krb5 1.8.
    - MITKRB5-SA-2010-001 (CVE-2010-0283)
    - src/lib/gssapi/spnego/spnego_mech.c: back-ported upstream fixes
      from krb5 1.8.1.
    - MITKRB5-SA-2010-002 (CVE-2010-0628)
- 21. By Kees Cook
  * SECURITY UPDATE: unauthenticated remote attacker can crash or
    compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).
    - debian/patches/krb5-crypto-integer: applied inline.
    - http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt
- 20. By Kees Cook
  * SECURITY UPDATE: unauthenticated remote attacker can crash kdc.
    - src/kdc/do_tgs_req.c, src/lib/kadm5/logger.c: upstream fixes
      inline (CVE-2009-3295).
    - http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
- 19. By Sam Hartman
  * New upstream release.
  * Revert relaxation of Debian symbol versions introduced in
    1.7dfsg~beta1-3.
  * Fix kproplog's manpage (LP: #374819).
- 18. By Sam Hartman
  * Apply upstream patch from ticket 6488 intended to fix
    gss_krb5_export_lucid_sec_context and thus NFS; hopefully fixes
    #528514.
  * Apply patch from ticket 6489 to fix UCS2 handling in RC4 string to
    key and PAC routines.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/lucid/krb5