CVE-2015-2697 in libkrb5-3: invalid string processing

Related Vulnerabilities: CVE-2015-2697, CVE-2015-2695, CVE-2015-2696, CVE-2015-2698

Debian Bug report logs - #803088

Package: libkrb5-3; Maintainer for libkrb5-3 is Sam Hartman <hartmans@debian.org>; Source for libkrb5-3 is src:krb5.

Reported by: Benjamin Kaduk <kaduk@MIT.EDU>

Date: Mon, 26 Oct 2015 18:42:01 UTC

Severity: normal

Tags: fixed-upstream, security, upstream

Found in version krb5/1.8.3+dfsg-1

Fixed in versions krb5/1.12.1+dfsg-19+deb8u1, krb5/1.13.2+dfsg-3, krb5/1.10.1+dfsg-5+deb7u5

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252



Report forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#803088; Package libkrb5-3. (Mon, 26 Oct 2015 18:42:07 GMT)


Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
New Bug report received and forwarded. Copy sent to Sam Hartman <hartmans@debian.org>. (Mon, 26 Oct 2015 18:42:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Benjamin Kaduk <kaduk@MIT.EDU>
To: submit@bugs.debian.org
Subject: CVE-2015-2697 in libkrb5-3: invalid string processing
Date: Mon, 26 Oct 2015 14:38:30 -0400 (EDT)
Package: libkrb5-3
Version: 1.8.3+dgsg-4squeeze7
Tags: security fixed-upstream

The build_principal_va() function uses strdup() on the supplied realm; in
the TGS-REQ processing the KDC does this on an untrusted piece of data
from the network, causing a mismatch between the length accessed and the
length allocated, which could cause the KDC process to crash.

Fixed in
https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789

-Ben
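
The length mismatch described in the report above, as an added C example; it is not code from the bug log or from the upstream patch. The struct, the function names and the sample realm bytes are hypothetical and constructed for illustration, and `cstr_dup()` stands in for `strdup()` so the block builds under strict ISO C.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counted string, modelled on a realm that arrives as length + bytes with
 * no guarantee that the bytes form a NUL-terminated C string. */
struct counted {
    unsigned int length;  /* length that later code will trust */
    char *data;           /* heap copy of the realm */
    size_t allocated;     /* bytes actually allocated (demo bookkeeping) */
};

/* Constructed sample: 12 realm bytes with an embedded NUL after "EX".
 * The literal's implicit terminator keeps the demo itself in bounds. */
static const char SAMPLE_REALM[] = "EX\0AMPLE.ORG";
#define SAMPLE_REALM_LEN (sizeof(SAMPLE_REALM) - 1)

/* Same behaviour as strdup(): copies up to and including the first NUL. */
static char *cstr_dup(const char *s, size_t *alloc_out)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    *alloc_out = n;
    return p;
}

/* Flawed pattern: C-string copy, but the caller-supplied length is kept.
 * With input that is not NUL-terminated at all, the copy itself would
 * also read past the end of the source buffer. */
static int copy_realm_strdup(const char *realm, unsigned int rlen,
                             struct counted *out)
{
    out->data = cstr_dup(realm, &out->allocated);
    if (out->data == NULL)
        return -1;
    out->length = rlen;   /* may exceed what was allocated */
    return 0;
}

/* Hardened pattern: allocate and copy exactly rlen bytes, then terminate. */
static int copy_realm_counted(const char *realm, unsigned int rlen,
                              struct counted *out)
{
    out->allocated = (size_t)rlen + 1;
    out->data = malloc(out->allocated);
    if (out->data == NULL)
        return -1;
    memcpy(out->data, realm, rlen);
    out->data[rlen] = '\0';
    out->length = rlen;
    return 0;
}

/* 1 if reading c->length bytes from c->data stays inside the allocation. */
static int length_is_backed(const struct counted *c)
{
    return c->length <= c->allocated;
}

int main(void)
{
    struct counted flawed, fixed;

    if (copy_realm_strdup(SAMPLE_REALM, SAMPLE_REALM_LEN, &flawed) != 0 ||
        copy_realm_counted(SAMPLE_REALM, SAMPLE_REALM_LEN, &fixed) != 0)
        return 1;

    printf("strdup-style: length=%u allocated=%zu backed=%d\n",
           flawed.length, flawed.allocated, length_is_backed(&flawed));
    printf("counted copy: length=%u allocated=%zu backed=%d\n",
           fixed.length, fixed.allocated, length_is_backed(&fixed));

    free(flawed.data);
    free(fixed.data);
    return 0;
}
```

Any later consumer that walks `length` bytes of the strdup-style copy reads past the end of the allocation, which is the crash condition the report describes.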



Marked as found in versions krb5/1.8.3+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 18:57:13 GMT)


No longer marked as found in versions 1.8.3+dgsg-4squeeze7. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 18:57:14 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 18:57:15 GMT)


Marked as fixed in versions krb5/1.13.2+dfsg-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 18:57:18 GMT)


Set Bug forwarded-to-address to 'http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 21:09:04 GMT)


Reply sent to Benjamin Kaduk <kaduk@mit.edu>:
You have taken responsibility. (Sun, 08 Nov 2015 16:51:21 GMT)


Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Sun, 08 Nov 2015 16:51:21 GMT)


Message #20 received at 803088-close@bugs.debian.org:

From: Benjamin Kaduk <kaduk@mit.edu>
To: 803088-close@bugs.debian.org
Subject: Bug#803088: fixed in krb5 1.12.1+dfsg-19+deb8u1
Date: Sun, 08 Nov 2015 16:47:09 +0000
Source: krb5
Source-Version: 1.12.1+dfsg-19+deb8u1

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803088@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 04 Nov 2015 22:05:10 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: all source
Version: 1.12.1+dfsg-19+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Closes: 803083 803084 803088
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes:
 krb5 (1.12.1+dfsg-19+deb8u1) jessie-security; urgency=high
 .
   * Import upstream patches for four CVEs:
     - CVE-2015-2695: SPNEGO context aliasing during establishment,
       Closes: #803083
     - CVE-2015-2696: IAKERB context aliasing during establishment,
       Closes: #803084
     - CVE-2015-2697: unsafe string handling in TGS processing,
       Closes: #803088
     - CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
   * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
     and CVE-2015-2696 introduced regressions preventing the use of
     gss_import_sec_context() with contexts established using IAKERB
     or SPNEGO; the fixes for those regressions are included here.




Reply sent to Benjamin Kaduk <kaduk@mit.edu>:
You have taken responsibility. (Sun, 08 Nov 2015 16:51:24 GMT)


Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Sun, 08 Nov 2015 16:51:24 GMT)


Message #25 received at 803088-close@bugs.debian.org:

From: Benjamin Kaduk <kaduk@mit.edu>
To: 803088-close@bugs.debian.org
Subject: Bug#803088: fixed in krb5 1.10.1+dfsg-5+deb7u4
Date: Sun, 08 Nov 2015 16:49:06 +0000
Source: krb5
Source-Version: 1.10.1+dfsg-5+deb7u4

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803088@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 27 Oct 2015 00:34:53 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-5+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-6  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 803083 803084 803088
Changes: 
 krb5 (1.10.1+dfsg-5+deb7u4) wheezy-security; urgency=high
 .
   * Import upstream patches for four CVEs:
     - CVE-2015-2695: SPNEGO context aliasing during establishment,
       Closes: #803083
     - CVE-2015-2696: IAKERB context aliasing during establishment,
       Closes: #803084
     - CVE-2015-2697: unsafe string handling in TGS processing,
       Closes: #803088
     - CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
   * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
     and CVE-2015-2696 introduced regressions preventing the use of
     gss_import_sec_context() with contexts established using IAKERB
     or SPNEGO; the fixes for those regressions are included here.




No longer marked as fixed in versions krb5/1.10.1+dfsg-5+deb7u4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 11 Nov 2015 21:06:03 GMT)


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 15 Nov 2015 22:51:34 GMT)


Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Sun, 15 Nov 2015 22:51:34 GMT)


Message #32 received at 803088-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 803088-close@bugs.debian.org
Subject: Bug#803088: fixed in krb5 1.10.1+dfsg-5+deb7u5
Date: Sun, 15 Nov 2015 22:47:48 +0000
Source: krb5
Source-Version: 1.10.1+dfsg-5+deb7u5

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803088@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 11 Nov 2015 22:05:19 +0100
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-5+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-6  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 803088
Changes: 
 krb5 (1.10.1+dfsg-5+deb7u5) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add missing 0036-Fix-build_principal-memory-bug-CVE-2015-2697.patch.
     CVE-2015-2697: unsafe string handling in TGS processing.
     The previous wheezy-security upload mentioned the fix, but did not
     include the patch in the upload.
     Thanks to Marc Deslauriers (Closes: #803088)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Dec 2015 07:49:59 GMT)