krb5 (1.16-2ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference issue
    - debian/patches/CVE-2021-36222.patch: Fix KDC null deref on bad
      encrypted challenge
    - debian/patches/CVE-2021-37750.patch: Fix KDC null deref on TGS inner
      body null server
    - CVE-2021-36222
    - CVE-2021-37750

 -- Nishit Majithia <email address hidden>  Wed, 15 Mar 2023 19:38:38 +0530

krb5 (1.16-2ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898
  * SECURITY UPDATE: DoS (crash) the KDC by making an S4U2Self request
    - debian/patches/CVE-2018-20217-1.patch: Ignore password attributes for
      S4U2Self requests.
    - debian/patches/CVE-2018-20217-2.patch: remove incorrect KDC assertion.
    - CVE-2018-20217

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 20 Jan 2023 07:37:35 -0300

krb5 (1.16-2ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Unbounded recursion
    - debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
      indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
    - CVE-2020-28196

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 11 Nov 2020 11:23:49 -0300

krb5 (1.16-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden>  Fri, 11 Jan 2019 13:48:01 -0200

krb5 (1.16-2build1) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 16:50:17 +0000

krb5 (1.16-2) unstable; urgency=medium

  * Update location of packaging GIT repository
  * krb5-config was incorrectly changed to include the multiarch triple
    in include paths. However, our include files are not architecture
    specific; fix krb5-config to not include a multiarch triple in
    include paths, Closes: #887810

 -- Sam Hartman <email address hidden>  Sat, 20 Jan 2018 11:02:57 -0500

krb5 (1.16-1) unstable; urgency=medium

  * New Upstream Version, Closes: #884490
    - libkdb5 soname is now 9
  * Note that we break moonshot-gss-eap less than 1.0.1. In particular
    because /etc/gss/mech.d/README is no longer installed,
    moonshot-gss-eap will drop a stray file in /usr/etc.
  * make krb5-config identical on all architectures and make
    krb5-multidev and libkrb5-dev multiarch installable; solution based on
    discussion with Hugh McMaster, Closes: #881597

 -- Sam Hartman <email address hidden>  Thu, 04 Jan 2018 10:29:06 -0500

krb5 (1.15.2-2) unstable; urgency=medium

  * Apply upstream patch removing a fixed-size buffer in PKINIT client code,
    Closes: #871698

 -- Benjamin Kaduk <email address hidden>  Sat, 28 Oct 2017 18:09:28 -0500

krb5 (1.15.1-2) unstable; urgency=high

  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

 -- Sam Hartman <email address hidden>  Sun, 23 Jul 2017 14:16:38 -0400