lp:ubuntu/karmic-security/krb5

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/karmic-security/krb5
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

27. By Kees Cook

* SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
  pointer.
  - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
  - CVE-2011-0285
  - MITKRB5-SA-2011-004

26. By Steve Beattie

* SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
  capability is used.
  - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
    thanks to upstream
  - CVE-2011-0284
  - MITKRB5-SA-2011-003

25. By Steve Beattie

* SECURITY UPDATE: kpropd denial of service via invalid network input
  - src/slave/kpropd.c: don't return on kpropd child exit; applied
    inline.
  - CVE-2010-4022
  - MITKRB5-SA-2011-001
* SECURITY UPDATE: kdc denial of service from unauthenticated remote
  attackers
  - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
    src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
    src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
    src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
    applied inline
  - CVE-2011-0281
  - CVE-2011-0282
  - MITKRB5-SA-2011-002

24. By Marc Deslauriers

* SECURITY UPDATE: message forgery and privilege escalation via
  unacceptable checksums
  - src/lib/crypto/krb/dk/derive.c, src/lib/crypto/krb/keyed_checksum_types.c,
    src/lib/gssapi/krb5/util_crypt.c, src/lib/krb5/krb/mk_safe.c,
    src/lib/krb5/krb/pac.c, src/lib/krb5/krb/preauth2.c,
    src/plugins/preauth/pkinit/pkinit_srv.c: patched inline, thanks to
    upstream.
  - CVE-2010-1323
  - CVE-2010-1324
  - MITKRB5-SA-2010-007
* SECURITY UPDATE: client impersonation via KrbFastReq forgery issue.
  - src/kdc/fast_util.c: patched inline.
  - CVE-2010-4021

23. By Kees Cook

* SECURITY UPDATE: unauthenticated remote attack can crash kdc.
  - debian/patches/MITKRB5-SA-2010-004: applied upstream fixes inline
  - CVE-2010-1320
* SECURITY UPDATE: unauthenticated remote attacker can crash kadmind.
  - debian/patches/MITKRB5-SA-2010-005: applied upstream fixes inline
  - CVE-2010-1321

22. By Kees Cook

* SECURITY UPDATE: unauthenticated remote service crash.
  - src/kdc/{do_as_req,do_tgs_req,fast_util}.c: back-ported upstream
    fixes from krb5 1.8.
  - MITKRB5-SA-2010-001 (CVE-2010-0283)
  - src/lib/gssapi/spnego/spnego_mech.c: back-ported upstream fixes
    from krb5 1.8.1.
  - MITKRB5-SA-2010-002 (CVE-2010-0628)

21. By Kees Cook

* SECURITY UPDATE: unauthenticated remote attacker can crash or
  compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).
  - debian/patches/krb5-crypto-integer applied inline.
  - http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt

20. By Kees Cook

* SECURITY UPDATE: unauthenticated remote attacker can crash kdc.
  - src/kdc/do_tgs_req.c, src/lib/kadm5/logger.c: upstream fixes
    inline (CVE-2009-3295).
  - http://web.mit.edu/kerberos/advisories/2009-003-patch.txt

19. By Sam Hartman

* New upstream release
* Revert relaxation of Debian symbol versions introduced in
  1.7dfsg~beta1-3
* Fix kproplog's manpage (LP: #374819)

18. By Sam Hartman

* Apply upstream patch from ticket 6488 intended to fix
  gss_krb5_export_lucid_sec_context and thus NFS; hopefully fixes
  #528514
* Apply patch from ticket 6489 to fix UCS2 handling in RC4 string to
  key and PAC routines
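The revision entries above follow one fixed shape: a "N. By <author>" header, "* SECURITY UPDATE: ..." summaries that may wrap onto an indented line, "- path: note" lines naming the touched sources (with {a,b}.c shorthand for siblings), and bare CVE-... and MITKRB5-SA-... identifiers. The Python below is an added example, not code from this Launchpad page, from Ubuntu or from the krb5 project: it parses entries of that shape into a CVE index, expands the brace shorthand, and flags entries that cite a CVE but no upstream advisory (as revision 24's CVE-2010-4021 entry does), which is the first thing to check when auditing what a security branch actually covers. The sample input is constructed from excerpts of revisions 27, 24 and 22 above; all function and class names are my own.

```python
"""Index CVE fixes from changelog-style revision entries (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: excerpts of revisions 27, 24 and 22 from the branch page.
SAMPLE = """\
27. By Kees Cook

* SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
  pointer.
  - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
  - CVE-2011-0285
  - MITKRB5-SA-2011-004

24. By Marc Deslauriers

* SECURITY UPDATE: client impersonation via KrbFastReq forgery issue.
  - src/kdc/fast_util.c: patched inline.
  - CVE-2010-4021

22. By Kees Cook

* SECURITY UPDATE: unauthenticated remote service crash.
  - src/kdc/{do_as_req,do_tgs_req,fast_util}.c: back-ported upstream
    fixes from krb5 1.8.
  - MITKRB5-SA-2010-001 (CVE-2010-0283)
  - src/lib/gssapi/spnego/spnego_mech.c: back-ported upstream fixes
    from krb5 1.8.1.
  - MITKRB5-SA-2010-002 (CVE-2010-0628)
"""

REV_RE = re.compile(r"^(\d+)\. By (.+?)\s*$")          # "27. By Kees Cook"
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
ADV_RE = re.compile(r"\bMITKRB5-SA-\d{4}-\d{3}\b")
# A path under src/ or debian/, optionally ending in a {a,b}.ext group.
FILE_RE = re.compile(r"\b(?:src|debian)/(?:[\w.-]+/)*(?:\{[\w,.-]+\}|[\w.-]+)(?:\.\w+)?")


def expand_braces(path: str) -> List[str]:
    """Expand the {a,b,c} shorthand the changelog uses for sibling files."""
    m = re.search(r"\{([^{}]*)\}", path)
    if not m:
        return [path]
    head, tail = path[:m.start()], path[m.end():]
    out: List[str] = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt + tail))
    return out


@dataclass
class Fix:
    revision: int
    author: str
    summary: str = ""
    cves: List[str] = field(default_factory=list)
    advisories: List[str] = field(default_factory=list)
    files: List[str] = field(default_factory=list)


def parse_changelog(text: str) -> List[Fix]:
    """One Fix per '* ...' item; wrapped summary lines are joined, and
    CVEs, advisories and touched files are collected from every line."""
    fixes: List[Fix] = []
    revision, author, cur, in_items = None, None, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = REV_RE.match(line)
        if m:
            revision, author, cur = int(m.group(1)), m.group(2), None
            continue
        if not line or revision is None:
            continue
        if line.startswith("* "):
            cur = Fix(revision, author)
            fixes.append(cur)
            in_items, body = False, line[2:].strip()
        elif cur is None:
            continue
        else:
            body = line.strip()
            in_items = in_items or body.startswith("- ")
        if not in_items:                      # still inside the wrapped summary
            cur.summary = (cur.summary + " " + body).strip()
        cur.cves.extend(CVE_RE.findall(body))
        cur.advisories.extend(ADV_RE.findall(body))
        for path in FILE_RE.findall(body):
            cur.files.extend(expand_braces(path))
    return fixes


def cve_index(fixes: List[Fix]) -> Dict[str, Fix]:
    """CVE -> the first (newest) revision that claims to fix it."""
    index: Dict[str, Fix] = {}
    for fix in fixes:
        for cve in fix.cves:
            index.setdefault(cve, fix)
    return index


def cves_without_advisory(fixes: List[Fix]) -> List[str]:
    """CVEs in entries that cite no MITKRB5-SA advisory; these need the
    upstream reference looked up by hand before the fix is trusted."""
    return [cve for fix in fixes if not fix.advisories for cve in fix.cves]


if __name__ == "__main__":
    fixes = parse_changelog(SAMPLE)
    for fix in fixes:
        print(f"r{fix.revision} ({fix.author}): {', '.join(fix.cves)} "
              f"-> {', '.join(fix.advisories) or 'no advisory'}; {len(fix.files)} file(s)")
    print("no upstream advisory cited:", cves_without_advisory(fixes))
```

Feeding the full revision list to parse_changelog gives one Fix per "*" item, so an entry such as revision 22, which bundles two advisories, keeps both CVEs under one record; cve_index then resolves any CVE to the revision that introduced its fix, and cves_without_advisory lists the entries whose provenance still has to be confirmed against the upstream advisory index.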

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/krb5
This branch contains Public information