krb5 1.12+dfsg-2ubuntu5.2 source package in Ubuntu

Changelog

krb5 (1.12+dfsg-2ubuntu5.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

 -- Marc Deslauriers <email address hidden>  Wed, 11 Nov 2015 09:08:08 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
krb5_1.12+dfsg.orig.tar.gz 11.2 MiB 8ff375113692946790aea5b246b14609c1d21e9017c920ab129452415dc69dfa
krb5_1.12+dfsg-2ubuntu5.2.debian.tar.gz 135.3 KiB 90180cfcf570400345f7b3a6e1e07fc772ee02fc6338febe78c9363da55a22eb
krb5_1.12+dfsg-2ubuntu5.2.dsc 3.2 KiB b4d6a90bb6be7aec5575a2514bcaa1571e507dda3c1bcb902d5abd2331cb5c39

View changes file

Binary packages built by this source

krb5-admin-server: MIT Kerberos master server (kadmind)

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

krb5-admin-server-dbgsym: debug symbols for package krb5-admin-server

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

krb5-doc: Documentation for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the installation, administrator, and user reference
 manuals for MIT Kerberos and the man pages for the MIT Kerberos
 configuration files.

krb5-gss-samples: MIT Kerberos GSS Sample applications

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains bgss-sample and gss-server, programs used to
 test GSS-API mechanisms. These programs are most commonly used in
 testing newly developed GSS-API mechanisms or in testing events
 between Kerberos or GSS implementations.

krb5-gss-samples-dbgsym: debug symbols for package krb5-gss-samples

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains bgss-sample and gss-server, programs used to
 test GSS-API mechanisms. These programs are most commonly used in
 testing newly developed GSS-API mechanisms or in testing events
 between Kerberos or GSS implementations.

krb5-kdc: MIT Kerberos key server (KDC)

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

krb5-kdc-dbgsym: debug symbols for package krb5-kdc

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

krb5-kdc-ldap: MIT Kerberos key server (KDC) LDAP plugin

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the LDAP plugin for the Kerberos key server (KDC)
 and supporting utilities. This plugin allows the KDC data to be stored
 in an LDAP server rather than the default local database. It should be
 installed on both master and slave KDCs that use LDAP as a storage
 backend.

krb5-kdc-ldap-dbgsym: debug symbols for package krb5-kdc-ldap

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the LDAP plugin for the Kerberos key server (KDC)
 and supporting utilities. This plugin allows the KDC data to be stored
 in an LDAP server rather than the default local database. It should be
 installed on both master and slave KDCs that use LDAP as a storage
 backend.

krb5-locales: Internationalization support for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains internationalized messages for MIT Kerberos.

krb5-multidev: Development files for MIT Kerberos without Heimdal conflict

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 Most users wishing to build applications against MIT Kerberos should
 install libkrb5-dev. However, that package conflicts with heimdal-dev.
 This package installs libraries and headers in /usr/include/mit-krb5 and
 /usr/lib/mit-krb5 and can be installed along side heimdal-multidev, which
 provides the same facilities for Heimdal.

krb5-otp: OTP plugin for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the OTP preauthentication method
 (RFC 6560), which allows Kerberos tickets to be obtained using
 One-Time Password authentication. This plugin is for use on the KDC; the
 client support is built in to libkrb5.

krb5-otp-dbgsym: debug symbols for package krb5-otp

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the OTP preauthentication method
 (RFC 6560), which allows Kerberos tickets to be obtained using
 One-Time Password authentication. This plugin is for use on the KDC; the
 client support is built in to libkrb5.

krb5-pkinit: PKINIT plugin for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the PKINIT protocol, which allows
 Kerberos tickets to be obtained using public-key credentials such as
 X.509 certificates or a smart card. This plugin can be used by the
 client libraries and the KDC.

krb5-pkinit-dbgsym: debug symbols for package krb5-pkinit

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the PKINIT protocol, which allows
 Kerberos tickets to be obtained using public-key credentials such as
 X.509 certificates or a smart card. This plugin can be used by the
 client libraries and the KDC.

krb5-user: Basic programs to authenticate using MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

krb5-user-dbgsym: debug symbols for package krb5-user

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

libgssapi-krb5-2: MIT Kerberos runtime libraries - krb5 GSS-API Mechanism

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the MIT Kerberos
 implementation of GSS-API used by applications and Kerberos clients.

libgssapi-krb5-2-dbgsym: debug symbols for package libgssapi-krb5-2

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the MIT Kerberos
 implementation of GSS-API used by applications and Kerberos clients.

libgssrpc4: MIT Kerberos runtime libraries - GSS enabled ONCRPC

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an RPC library used by the Kerberos administrative
 programs and potentially other applications.

libgssrpc4-dbgsym: debug symbols for package libgssrpc4

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an RPC library used by the Kerberos administrative
 programs and potentially other applications.

libk5crypto3: MIT Kerberos runtime libraries - Crypto Library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime cryptography libraries used by
 applications and Kerberos clients.

libk5crypto3-dbgsym: debug symbols for package libk5crypto3

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime cryptography libraries used by
 applications and Kerberos clients.

libkadm5clnt-mit9: MIT Kerberos runtime libraries - Administration Clients

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by clients of the Kerberos
 administration protocol.

libkadm5clnt-mit9-dbgsym: debug symbols for package libkadm5clnt-mit9

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by clients of the Kerberos
 administration protocol.

libkadm5srv-mit8: transitional dummy package for libkadm5srv-mit9

 This transitional dummy package is safe to remove.

libkadm5srv-mit9: MIT Kerberos runtime libraries - KDC and Admin Server

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by Kerberos administrative
 servers.

libkadm5srv-mit9-dbgsym: debug symbols for package libkadm5srv-mit9

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by Kerberos administrative
 servers.

libkdb5-7: MIT Kerberos runtime libraries - Kerberos database

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal Kerberos database libraries.

libkdb5-7-dbgsym: debug symbols for package libkdb5-7

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal Kerberos database libraries.

libkrad-dev: MIT Kerberos RADIUS Library Development

 This package includes development headers for libkrad0, the MIT
 Kerberos RADIUS library. You should not use this RADIUS library in
 packages unrelated to MIT Kerberos.

libkrad0: MIT Kerberos runtime libraries - RADIUS library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal support library for RADIUS functionality.

libkrad0-dbgsym: debug symbols for package libkrad0

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal support library for RADIUS functionality.

libkrb5-3: MIT Kerberos runtime libraries

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the main Kerberos v5 API
 used by applications and Kerberos clients.

libkrb5-3-dbgsym: debug symbols for package libkrb5-3

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the main Kerberos v5 API
 used by applications and Kerberos clients.

libkrb5-dbg: Debugging files for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the debugging information for the MIT Kerberos
 libraries. Install this package if you need to trace problems inside the
 MIT Kerberos libraries with a debugger.

libkrb5-dev: Headers and development libraries for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.

libkrb5support0: MIT Kerberos runtime libraries - Support library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an internal runtime support library used by other
 Kerberos libraries.

libkrb5support0-dbgsym: debug symbols for package libkrb5support0

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an internal runtime support library used by other
 Kerberos libraries.