-
krb5 (1.12.1+dfsg-18ubuntu0.1) vivid-security; urgency=medium
* SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
- d/p/u/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
improve logic in src/plugins/preauth/otp/main.c,
src/plugins/preauth/pkinit/pkinit_srv.c.
- CVE-2015-2694
* SECURITY UPDATE: SPNEGO context aliasing bugs
- d/p/u/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
src/lib/gssapi/spnego/spnego_mech.c.
- d/p/u/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
in src/lib/gssapi/spnego/spnego_mech.c.
- CVE-2015-2695
* SECURITY UPDATE: IAKERB context aliasing bugs
- d/p/u/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
- d/p/u/0034-Fix-two-IAKERB-comments.patch: fix comments in
src/lib/gssapi/krb5/iakerb.c.
- CVE-2015-2696
* SECURITY UPDATE: KDC crash via invalid string processing
- d/p/u/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
- CVE-2015-2697
* SECURITY UPDATE: memory corruption in IAKERB context export/import
- d/p/u/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
dereferencing the context_handle pointer before casting it in
and implement implement an IAKERB gss_import_sec_context() function
in src/lib/gssapi/krb5/gssapiP_krb5.h,
src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
- CVE-2015-2698
-- Marc Deslauriers <email address hidden> Wed, 11 Nov 2015 08:52:46 -0500
-
krb5 (1.12.1+dfsg-18) unstable; urgency=high
* Import upstream patch for CVE-2014-5355, Closes: #778647
-- Benjamin Kaduk <email address hidden> Wed, 18 Feb 2015 12:52:14 -0500
-
krb5 (1.12.1+dfsg-17) unstable; urgency=high
* MITKRB5-SA-2015-001
- CVE-2014-5352: gss_process_context_token() incorrectly frees context
- CVE-2014-9421: kadmind doubly frees partial deserialization results
- CVE-2014-9422: kadmind incorrectly validates server principal name
- CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
-- Sam Hartman <email address hidden> Tue, 03 Feb 2015 10:29:35 -0500
-
krb5 (1.12.1+dfsg-16) unstable; urgency=medium
* Import upstream patches for CVE-2014-5353 and CVE-2014-5354,
Closes: #773226, Closes: #773228
-- Benjamin Kaduk <email address hidden> Mon, 15 Dec 2014 16:18:26 -0500
-
krb5 (1.12.1+dfsg-15) unstable; urgency=medium
* Also apply slapd-before-kdc.conf to krb5-admin-server.service.d,
Closes: #769710
-- Benjamin Kaduk <email address hidden> Fri, 21 Nov 2014 12:36:08 -0500
-
krb5 (1.12.1+dfsg-14) unstable; urgency=medium
* The upstream patch in 1.12.1+dfsg-13 was incomplete; pull in
another upstream patch upon which it depended, to fix the
kfreebsd build, Closes: #768379
-- Benjamin Kaduk <email address hidden> Fri, 07 Nov 2014 13:17:36 -0500
-
krb5 (1.12.1+dfsg-13) unstable; urgency=medium
* Remove the ExecReload line added in 1.12.1+dfsg-12; it is not
a regression from the SysV init script and therefore not suitable
for jessie post-freeze
* Apply upstream patch to fix build on FreeBSD 10.1, Closes: #768379
-- Benjamin Kaduk <email address hidden> Thu, 06 Nov 2014 18:08:26 -0500
-
krb5 (1.12.1+dfsg-11) unstable; urgency=medium
* Provide systemd service units for krb5-kdc, Partially affects: #734161
* Provide systemd overrides to start slapd first when krb5-kdc-ldap is
installed, Thanks Michael Biebl, Closes: #758992
* Provide kadmind service unit, Closes: #734161
* Drop support for RUN_KADMIND in favor of update-rc.d disable
* In krb5_newrealm, use service rather than calling init scripts directly
-- Sam Hartman <email address hidden> Mon, 20 Oct 2014 16:51:09 -0400
-
krb5 (1.12.1+dfsg-10) unstable; urgency=medium
* Import upstream's patch for CVE-2014-5351, Closes: #762479
-- Benjamin Kaduk <email address hidden> Mon, 22 Sep 2014 14:53:33 -0400
