krb5 1.8.1+dfsg-2ubuntu0.14 source package in Ubuntu

Changelog

krb5 (1.8.1+dfsg-2ubuntu0.14) lucid-security; urgency=medium

  * SECURITY UPDATE: ticket forging via old keys
    - src/lib/kadm5/srv/svr_principal.c: return only new keys
    - af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - properly handle context deletion in
      src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - 82dc33da50338ac84c7b4102dc6513d897d0506a
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c: properly handle
      policy name.
    - d1f707024f1d0af6e54a18885322d70fa15ec4d3
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: support keyless
      principals.
    - 877ad027ca2103f3ac2f581451fdd347a76b8981
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - fix double free in src/lib/kadm5/kadm_rpc_xdr.c,
      src/lib/rpc/auth_gssapi_misc.c.
    - a197e92349a4aa2141b5dff12e9dd44c2a2166e3
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - src/kadmin/server/kadm_rpc_svc.c: fix kadmind server validation.
    - 6609658db0799053fbef0d7d0aa2f1fd68ef32d8
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - src/lib/rpc/svc_auth_gss.c: fix leakage.
    - 5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 15:51:07 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Lucid
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
krb5_1.8.1+dfsg.orig.tar.gz 11.1 MiB 122cd1358367937ed38bb3a7a8d26601b637b8906cfdf0eacad78f61b4412d8d
krb5_1.8.1+dfsg-2ubuntu0.14.diff.gz 139.4 KiB 79df87b4ae85c64e06ff938e8d6484f9ef57783d12d031e34e7bce7c6d1e9a5f
krb5_1.8.1+dfsg-2ubuntu0.14.dsc 2.3 KiB 88f7f04ae16ae3e9c32c16f3039287eff12b2a536172573dd58c304fa183b5fa

View changes file

Binary packages built by this source

krb5-admin-server: No summary available for krb5-admin-server in ubuntu lucid.

No description available for krb5-admin-server in ubuntu lucid.

krb5-doc: No summary available for krb5-doc in ubuntu lucid.

No description available for krb5-doc in ubuntu lucid.

krb5-kdc: No summary available for krb5-kdc in ubuntu lucid.

No description available for krb5-kdc in ubuntu lucid.

krb5-kdc-ldap: No summary available for krb5-kdc-ldap in ubuntu lucid.

No description available for krb5-kdc-ldap in ubuntu lucid.

krb5-multidev: No summary available for krb5-multidev in ubuntu lucid.

No description available for krb5-multidev in ubuntu lucid.

krb5-pkinit: No summary available for krb5-pkinit in ubuntu lucid.

No description available for krb5-pkinit in ubuntu lucid.

krb5-user: No summary available for krb5-user in ubuntu lucid.

No description available for krb5-user in ubuntu lucid.

libgssapi-krb5-2: No summary available for libgssapi-krb5-2 in ubuntu lucid.

No description available for libgssapi-krb5-2 in ubuntu lucid.

libgssrpc4: No summary available for libgssrpc4 in ubuntu lucid.

No description available for libgssrpc4 in ubuntu lucid.

libk5crypto3: No summary available for libk5crypto3 in ubuntu lucid.

No description available for libk5crypto3 in ubuntu lucid.

libkadm5clnt-mit7: No summary available for libkadm5clnt-mit7 in ubuntu lucid.

No description available for libkadm5clnt-mit7 in ubuntu lucid.

libkadm5srv-mit7: No summary available for libkadm5srv-mit7 in ubuntu lucid.

No description available for libkadm5srv-mit7 in ubuntu lucid.

libkdb5-4: No summary available for libkdb5-4 in ubuntu lucid.

No description available for libkdb5-4 in ubuntu lucid.

libkrb5-3: No summary available for libkrb5-3 in ubuntu lucid.

No description available for libkrb5-3 in ubuntu lucid.

libkrb5-dbg: No summary available for libkrb5-dbg in ubuntu lucid.

No description available for libkrb5-dbg in ubuntu lucid.

libkrb5-dev: No summary available for libkrb5-dev in ubuntu lucid.

No description available for libkrb5-dev in ubuntu lucid.

libkrb5support0: No summary available for libkrb5support0 in ubuntu lucid.

No description available for libkrb5support0 in ubuntu lucid.