Related Vulnerabilities: CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698

Source

Debian Bug report logs - #803083
CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon).

Reported by: Benjamin Kaduk <kaduk@MIT.EDU>

Date: Mon, 26 Oct 2015 18:30:02 UTC

Severity: normal

Tags: fixed-upstream, security, upstream

Found in versions krb5/1.8.3+dfsg-4squeeze7, krb5/1.8.3+dfsg-1

Fixed in versions krb5/1.13.2+dfsg-3, krb5/1.12.1+dfsg-19+deb8u1, krb5/1.10.1+dfsg-5+deb7u4

Done: Benjamin Kaduk <kaduk@mit.edu>

Bug is archived. No further changes may be made.

Forwarded to http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#803083; Package libgssapi-krb5-2. (Mon, 26 Oct 2015 18:30:05 GMT) (full text, mbox, link).

Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
New Bug report received and forwarded. Copy sent to Sam Hartman <hartmans@debian.org>. (Mon, 26 Oct 2015 18:30:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: libgssapi-krb5-2
Version: 1.8.3+dfsg-4squeeze7
Tags: security fixed-upstream

A partially constructed GSS security context can access a pointer as the
wrong type, generally causing a program crash.  Fixed upstream at
https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d

-Ben

Marked as found in versions krb5/1.8.3+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 18:51:18 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#803083; Package libgssapi-krb5-2. (Mon, 26 Oct 2015 18:54:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Mon, 26 Oct 2015 18:54:04 GMT) (full text, mbox, link).

Message #12 received at 803083@bugs.debian.org (full text, mbox, reply):

On Mon, 26 Oct 2015 14:26:44 -0400 (EDT) Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> Package: libgssapi-krb5-2
> Version: 1.8.3+dfsg-4squeeze7
> Tags: security fixed-upstream
> 
> A partially constructed GSS security context can access a pointer as the
> wrong type, generally causing a program crash.  Fixed upstream at
> https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
> 
> -Ben
> 
>

Marked as fixed in versions krb5/1.13.2+dfsg-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 18:57:20 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#803083; Package libgssapi-krb5-2. (Mon, 26 Oct 2015 19:00:03 GMT) (full text, mbox, link).

Acknowledgement sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Mon, 26 Oct 2015 19:00:03 GMT) (full text, mbox, link).

Message #19 received at 803083@bugs.debian.org (full text, mbox, reply):

On Mon, 26 Oct 2015, Salvatore Bonaccorso wrote:

> On Mon, 26 Oct 2015 14:26:44 -0400 (EDT) Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> > Package: libgssapi-krb5-2
> > Version: 1.8.3+dfsg-4squeeze7
> > Tags: security fixed-upstream
> >
> > A partially constructed GSS security context can access a pointer as the
> > wrong type, generally causing a program crash.  Fixed upstream at
> > https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d

Hi Salvatore,

As I am only a DM, not a DD, should I send you just source debdiffs for
jessie and wheezy?

Thanks,

Ben

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 19:03:10 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#803083; Package libgssapi-krb5-2. (Mon, 26 Oct 2015 20:06:03 GMT) (full text, mbox, link).

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. (Mon, 26 Oct 2015 20:06:03 GMT) (full text, mbox, link).

Message #26 received at 803083@bugs.debian.org (full text, mbox, reply):

Do I need to do anything here?
I have availability this evening and Wednesday evening.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#803083; Package libgssapi-krb5-2. (Mon, 26 Oct 2015 20:06:06 GMT) (full text, mbox, link).

Acknowledgement sent to Sam Hartman <hartmans@debian.org>:
Extra info received and forwarded to list. (Mon, 26 Oct 2015 20:06:06 GMT) (full text, mbox, link).

Message #31 received at 803083@bugs.debian.org (full text, mbox, reply):

Also, do you want to fix the not a DD problem?

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#803083; Package libgssapi-krb5-2. (Mon, 26 Oct 2015 20:09:04 GMT) (full text, mbox, link).

Message #36 received at 803083@bugs.debian.org (full text, mbox, reply):

On Mon, 26 Oct 2015, Sam Hartman wrote:

> Do I need to do anything here?

Maybe, maybe not.

I am working on debdiffs for jessie and wheezy.  If I remember correctly,
those need to get reviewed by the security team and then uploaded to the
security queue.  It may make more sense for you to do the uploads than
Salvatore, depending on how the timing works out.

-Ben

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#803083; Package libgssapi-krb5-2. (Mon, 26 Oct 2015 20:12:04 GMT) (full text, mbox, link).

Message #41 received at 803083@bugs.debian.org (full text, mbox, reply):

Hi Sam, hi Ben,

On Mon, Oct 26, 2015 at 04:04:24PM -0400, Sam Hartman wrote:
> Do I need to do anything here?
> I have availability this evening and Wednesday evening.

I just only added the issues to the security-tracker but have not yet
looked at any of the issues closer. Can you, once you have updates
ready for wheezy- and jessie-security send debdiffs for a review to
the security team mail alias? (team@security.debian.org).

Thanks in advance already!

Regards,
Salvatore

Set Bug forwarded-to-address to 'http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 26 Oct 2015 21:09:05 GMT) (full text, mbox, link).

Reply sent to Benjamin Kaduk <kaduk@mit.edu>:
You have taken responsibility. (Sun, 08 Nov 2015 16:51:07 GMT) (full text, mbox, link).

Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Sun, 08 Nov 2015 16:51:07 GMT) (full text, mbox, link).

Message #48 received at 803083-close@bugs.debian.org (full text, mbox, reply):

Source: krb5
Source-Version: 1.12.1+dfsg-19+deb8u1

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803083@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 04 Nov 2015 22:05:10 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: all source
Version: 1.12.1+dfsg-19+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Closes: 803083 803084 803088
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes:
 krb5 (1.12.1+dfsg-19+deb8u1) jessie-security; urgency=high
 .
   * Import upstream patches for four CVEs:
     - CVE-2015-2695: SPNEGO context aliasing during establishment,
       Closes: #803083
     - CVE-2015-2696: IAKERB context aliasing during establishment,
       Closes: #803084
     - CVE-2015-2697: unsafe string handling in TGS processing,
       Closes: #803088
     - CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
   * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
     and CVE-2015-2696 introduced regressions preventing the use of
     gss_import_sec_context() with contexts established using IAKERB
     or SPNEGO; the fixes for those regressions are included here.
Checksums-Sha1: 
 61673ddbd11c4616de0086869a5f0dd6377461d2 3368 krb5_1.12.1+dfsg-19+deb8u1.dsc
 d211e7d605bd992d33b7cbca1da14d68f0770258 11792370 krb5_1.12.1+dfsg.orig.tar.gz
 5e694b245486d6c7faaada4fe8758acfbaec6e7e 120776 krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
 4f00835bb76ac5092b64b718d057db9653aa8871 4684170 krb5-doc_1.12.1+dfsg-19+deb8u1_all.deb
 2d06bfb0303a2d74319cf4cf34c780b33e34ee20 2648402 krb5-locales_1.12.1+dfsg-19+deb8u1_all.deb
Checksums-Sha256: 
 51e6242849ef2a909a56224ad08365db093a08936317dc6d8dfcb3edf67e1a8e 3368 krb5_1.12.1+dfsg-19+deb8u1.dsc
 eb29959f1e9f8d71e7401f5809daefae067296eb5b0da1176366280a16bdd784 11792370 krb5_1.12.1+dfsg.orig.tar.gz
 0e61a1ba59d3f25a0a40022fd8a316c917e3c4ca9bb7b604646e949fd91d592f 120776 krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
 0e8d9bf109acb5329a1a9cf1ecb5f3e9413121a8a00d3ed435b4f84486bd7d4e 4684170 krb5-doc_1.12.1+dfsg-19+deb8u1_all.deb
 2b43298b682f351421e7e12f259485a3adc4370a72a2d0cbd833915feb5052ee 2648402 krb5-locales_1.12.1+dfsg-19+deb8u1_all.deb
Files: 
 e3c9d6b37935ac04cf33f08bf4aaea5e 3368 net standard krb5_1.12.1+dfsg-19+deb8u1.dsc
 dd0367010b3d2385d9f23db25457a0bf 11792370 net standard krb5_1.12.1+dfsg.orig.tar.gz
 d1f9a984af597b08307f41b160a73367 120776 net standard krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
 895c89bc1fc94f1917aeab6027280618 4684170 doc optional krb5-doc_1.12.1+dfsg-19+deb8u1_all.deb
 233a91de57e2e2ea4e68c17968082766 2648402 localization standard krb5-locales_1.12.1+dfsg-19+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWO67XAAoJEAVMuPMTQ89EiNIQAJ9M25jvoua+9vXkhSIc8k5N
ETUlpaJN7d++1UzUDGCAV+2vPwxYU/68ivP69UdZQfF6np6+G0YBl5BKzB1HUnUL
TCUVKHI+u7yOiSVibJIbMcyA9h9fbao7OKeCWfHU4usLP+XQxnNH3uru0frsKoDs
so3YEw08jHJFv0prVDse3R4Vipexwm1c0gys8EtA+hLz7ErGsAQjyjdwIPNWSuj+
ydYhH+uaiGrAaE8vWTnpmB8IB8tm8IyIIyq9+3lgeFxX0BpCjMmaD6Em5uwRo12o
b/yAEUrm4aS4FnDembfuttH1QkUYO4OwVLzTDHl6pPNR0s4BkM2BbLDe9fNwyrjY
rKxzHX9NuiOytRVHVE+tn4XgnLJcqewnQlfk9kVKQh41CeD+i6EIMnv9vFm3qP4+
lfye76Al7QMWw4AreaNmxdTrGn3KND8Y/36m3vqZT+bqF2CSKxBMVQoxwu0N8u7+
ivF5atydU2jypcPnjnblkdMs+nsQdqrMVydLsb9hCiF5lVgq3tP23w/hVmMsDyS6
QP5+dadOWfKO2CCZfAPy9ZD9G3RcLc8l/UAYmMQGp67QDW9JkJ3Hx7YFY2TQPgJb
FG5go0+vNdqcV83og9/IJW0wR1retFRebLjigkgzn792mlt4+QPF6OWcZ70gUIP3
uckbN8OXLNe0XY7Y/ZCk
=P2qI
-----END PGP SIGNATURE-----

Reply sent to Benjamin Kaduk <kaduk@mit.edu>:
You have taken responsibility. (Sun, 08 Nov 2015 16:51:11 GMT) (full text, mbox, link).

Notification sent to Benjamin Kaduk <kaduk@MIT.EDU>:
Bug acknowledged by developer. (Sun, 08 Nov 2015 16:51:11 GMT) (full text, mbox, link).

Message #53 received at 803083-close@bugs.debian.org (full text, mbox, reply):

Source: krb5
Source-Version: 1.10.1+dfsg-5+deb7u4

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803083@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 27 Oct 2015 00:34:53 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-5+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-6  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 803083 803084 803088
Changes: 
 krb5 (1.10.1+dfsg-5+deb7u4) wheezy-security; urgency=high
 .
   * Import upstream patches for four CVEs:
     - CVE-2015-2695: SPNEGO context aliasing during establishment,
       Closes: #803083
     - CVE-2015-2696: IAKERB context aliasing during establishment,
       Closes: #803084
     - CVE-2015-2697: unsafe string handling in TGS processing,
       Closes: #803088
     - CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
   * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
     and CVE-2015-2696 introduced regressions preventing the use of
     gss_import_sec_context() with contexts established using IAKERB
     or SPNEGO; the fixes for those regressions are included here.
Checksums-Sha1: 
 e35235704c5adcb68497bb7f41cd9b46b3ee8cc2 2938 krb5_1.10.1+dfsg-5+deb7u4.dsc
 53c57bf3fbd3f572d2af05f8742784362c45cf44 152640 krb5_1.10.1+dfsg-5+deb7u4.debian.tar.gz
 0ba0fdc4ce8222741adc3f0ef2b7585763134894 2668556 krb5-doc_1.10.1+dfsg-5+deb7u4_all.deb
 dd500ad7e314c4a179bacc1f666caa16e624a44b 1503656 krb5-locales_1.10.1+dfsg-5+deb7u4_all.deb
 d92c84d0690771906c87064be25d1aa2d01f6aa9 153586 krb5-user_1.10.1+dfsg-5+deb7u4_amd64.deb
 5cdd51025a4679cac718eebf05f3bac499673cda 226410 krb5-kdc_1.10.1+dfsg-5+deb7u4_amd64.deb
 ffc71420c6596f31b234ede425e62796b184b18f 121052 krb5-kdc-ldap_1.10.1+dfsg-5+deb7u4_amd64.deb
 94c5e4cf1d20eda70087bc48f494694c0d7b6a6d 123138 krb5-admin-server_1.10.1+dfsg-5+deb7u4_amd64.deb
 fd9ee7539ca10a30f3f5d2bdf9644383352574b6 154012 krb5-multidev_1.10.1+dfsg-5+deb7u4_amd64.deb
 8bd9c5d88b2b9093076f0d788d3a7b8d0d7a46ea 39976 libkrb5-dev_1.10.1+dfsg-5+deb7u4_amd64.deb
 13c24c71cc72a6baefb81dd7286d2c103bd96455 2208114 libkrb5-dbg_1.10.1+dfsg-5+deb7u4_amd64.deb
 323f2daf9312efd24ea4c38f03ee6eb1f52ff89a 82770 krb5-pkinit_1.10.1+dfsg-5+deb7u4_amd64.deb
 c1e17dba79979375245aed395762b57d4a1646a0 393568 libkrb5-3_1.10.1+dfsg-5+deb7u4_amd64.deb
 dfcedf801821ffda0a5e93958c7c3ed9aad8c685 149584 libgssapi-krb5-2_1.10.1+dfsg-5+deb7u4_amd64.deb
 f052a5efded759e192da864488339fb089a99c3d 87710 libgssrpc4_1.10.1+dfsg-5+deb7u4_amd64.deb
 e6dc894472ed6f58e80e2dce4d1d90ca86e4649b 85226 libkadm5srv-mit8_1.10.1+dfsg-5+deb7u4_amd64.deb
 afd8c7bcb6d182ed74fb5a2972be9fc7ee2d193a 68276 libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u4_amd64.deb
 475f5c7907132328fd92a0496fe186665340dfff 112908 libk5crypto3_1.10.1+dfsg-5+deb7u4_amd64.deb
 2f5b9006669194f84dbb93687cfb33c5d5f8e5aa 67354 libkdb5-6_1.10.1+dfsg-5+deb7u4_amd64.deb
 9f3cfd6cfc2c2b1a002e8525216ed131bc438fe7 50082 libkrb5support0_1.10.1+dfsg-5+deb7u4_amd64.deb
 26354d03135a43073cf91f1a68260d3767329b9a 52206 krb5-gss-samples_1.10.1+dfsg-5+deb7u4_amd64.deb
Checksums-Sha256: 
 2a3ded792e6cdb20b5912882b2afd936baab87d8f610e3ebe07a857732266dcd 2938 krb5_1.10.1+dfsg-5+deb7u4.dsc
 3534ada7ab8e1418ec94abb1a541fadf8d32ba02d1cea928d87562b9872d23a6 152640 krb5_1.10.1+dfsg-5+deb7u4.debian.tar.gz
 55bff00d5ff1dce5a4e57aea68eace809ce763ac20ac5883c3b948f91110d412 2668556 krb5-doc_1.10.1+dfsg-5+deb7u4_all.deb
 87a46eff3d15eabaf0da827ff078face6af76746cc5da2078ee5e937eb527b2f 1503656 krb5-locales_1.10.1+dfsg-5+deb7u4_all.deb
 aa664d5cb2690c1e428f55fa50ad3b8d1f5a7e8ac216b77cdc4be244caccb829 153586 krb5-user_1.10.1+dfsg-5+deb7u4_amd64.deb
 e491df301d722bf9c5cc50c5a3e8eb21d206f6ff3e4e1e2486b4d4ffa43a9ae1 226410 krb5-kdc_1.10.1+dfsg-5+deb7u4_amd64.deb
 e67e678d4df1d151af098d7862a83b8bd755cf9aff21624edc596a21402d3a15 121052 krb5-kdc-ldap_1.10.1+dfsg-5+deb7u4_amd64.deb
 332bec7f4be79e3f06659befdb689b1e13f38e9d8cd32cce1fc9232db4fb87ce 123138 krb5-admin-server_1.10.1+dfsg-5+deb7u4_amd64.deb
 7c15c684bac768986b5b42e97730167d1f4f3a235287161824821540e06bb5a9 154012 krb5-multidev_1.10.1+dfsg-5+deb7u4_amd64.deb
 62625bc36dcc14ef22e44d866186e0835b6417a2a52c20d97997365008b7dcf0 39976 libkrb5-dev_1.10.1+dfsg-5+deb7u4_amd64.deb
 fdbb9298c4cef5e800bd4ca45c689c3099e3d7bfcc2293bee8ced81ab8bb8d40 2208114 libkrb5-dbg_1.10.1+dfsg-5+deb7u4_amd64.deb
 3047cd8b902af5bb73d8c67c632b9a7c52dfa2c5a05ae062ba1316f3c6b7c62c 82770 krb5-pkinit_1.10.1+dfsg-5+deb7u4_amd64.deb
 8812bcd3e5ba824209f538c4dc437c3983b56d7818cc517bb52cb81c8049f268 393568 libkrb5-3_1.10.1+dfsg-5+deb7u4_amd64.deb
 7d838e248598229cf13b982df63fc7abbf5e6655d4b1539d1de299b408ad61f9 149584 libgssapi-krb5-2_1.10.1+dfsg-5+deb7u4_amd64.deb
 add5b4d623f2ec674aa5831138fe7978c0f69ccd3f35399af050e2224f750047 87710 libgssrpc4_1.10.1+dfsg-5+deb7u4_amd64.deb
 aac98b5878522f264bfa62ff63e9e085c7bce0e75bec0b549a1e2383bfc16a30 85226 libkadm5srv-mit8_1.10.1+dfsg-5+deb7u4_amd64.deb
 1355ffcac51c56574aeeb530c0521f2192956037dbb8860f4a9353976b5eccf0 68276 libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u4_amd64.deb
 c1a98d7999ba0cba460cf81a52676faa6fd46b6614ea2b882d9c21091e0e1c3a 112908 libk5crypto3_1.10.1+dfsg-5+deb7u4_amd64.deb
 17310bb8acc9165e7284b100854eb43647596b1e834bc32f3567585f64f26786 67354 libkdb5-6_1.10.1+dfsg-5+deb7u4_amd64.deb
 a4e144c0ddc2590d780b672a77d7f4e785a54d5f462ba1808cf9749e9fdef316 50082 libkrb5support0_1.10.1+dfsg-5+deb7u4_amd64.deb
 26c55cf22ae0080c3c357eabbb4424d43486a6f0656e9c57006bcd382f23807f 52206 krb5-gss-samples_1.10.1+dfsg-5+deb7u4_amd64.deb
Files: 
 1912e8f44721e806b94250b2105e74c1 2938 net standard krb5_1.10.1+dfsg-5+deb7u4.dsc
 29a1040875946fe222180b30bc996f03 152640 net standard krb5_1.10.1+dfsg-5+deb7u4.debian.tar.gz
 0020c72baeb6e47af04947206c4bd1cf 2668556 doc optional krb5-doc_1.10.1+dfsg-5+deb7u4_all.deb
 ff282d5c951f4cd19a34a3769a99f336 1503656 localization standard krb5-locales_1.10.1+dfsg-5+deb7u4_all.deb
 6e66e236bb3746d1dc476af8da23e2b2 153586 net optional krb5-user_1.10.1+dfsg-5+deb7u4_amd64.deb
 cfd84f4aaf58227797925a9a9bb21c0a 226410 net optional krb5-kdc_1.10.1+dfsg-5+deb7u4_amd64.deb
 1a94206b6cb98b00b03a57063209fef1 121052 net extra krb5-kdc-ldap_1.10.1+dfsg-5+deb7u4_amd64.deb
 56c21f37a28e82eefc504f34f91bfcc0 123138 net optional krb5-admin-server_1.10.1+dfsg-5+deb7u4_amd64.deb
 c10ba8e2bf5967ba6d65c993cd90922a 154012 libdevel optional krb5-multidev_1.10.1+dfsg-5+deb7u4_amd64.deb
 a4d2042f0c2a7d4130bdba6c6ebac7f2 39976 libdevel extra libkrb5-dev_1.10.1+dfsg-5+deb7u4_amd64.deb
 7369ab12f3fa3023b8e8afca2d9e3d8c 2208114 debug extra libkrb5-dbg_1.10.1+dfsg-5+deb7u4_amd64.deb
 b27a991b39ead7723e75e29773c7e7e3 82770 net extra krb5-pkinit_1.10.1+dfsg-5+deb7u4_amd64.deb
 135a2946a30fea023dc001c37a7d688d 393568 libs standard libkrb5-3_1.10.1+dfsg-5+deb7u4_amd64.deb
 fcec2d6763adbae58db0c0fb23463376 149584 libs standard libgssapi-krb5-2_1.10.1+dfsg-5+deb7u4_amd64.deb
 8274fc6ef7cae7720507e250434c5c81 87710 libs standard libgssrpc4_1.10.1+dfsg-5+deb7u4_amd64.deb
 165858f46fc3815e96a99df6ebe5d803 85226 libs standard libkadm5srv-mit8_1.10.1+dfsg-5+deb7u4_amd64.deb
 759f10fe884cde2b083b310c93a2a7f1 68276 libs standard libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u4_amd64.deb
 c90c1800ac8bba1c2c7776d4ad462d1e 112908 libs standard libk5crypto3_1.10.1+dfsg-5+deb7u4_amd64.deb
 e3fc77c4d83d14419a1970f7eee1a006 67354 libs standard libkdb5-6_1.10.1+dfsg-5+deb7u4_amd64.deb
 630bd02c5fe87f0ecb9dd71f769b08bc 50082 libs standard libkrb5support0_1.10.1+dfsg-5+deb7u4_amd64.deb
 2df8dc459789b926cc015dc35a42cf4c 52206 net extra krb5-gss-samples_1.10.1+dfsg-5+deb7u4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWO7IKAAoJEAVMuPMTQ89EjBMP+wagJN7OrPwirLBlSqlD0D1B
oxgjpFn1VlDxGXXtjcGP2HaVAt9bYOMivocK62bsDBTbdP59qBsmmOg5gjBUfwCd
SeNwqwEMotuDEvs2sgyESwDov2hJnU31hzM6AXdy5SgujJ605JjaqYZRTpFEQ6u8
4xLxqo9Eovwsx0eNmGJSyXuKXGVN1eH+9gQt/TKftFhjiJ1bVCQIczSNQtkjk2Yb
oOVWqDxLTe60RuCyjESHk77+iBt+i8EB/LdiNsri5+P1xRFaqbsA7qjDMKt9PMOJ
y8U2OUZq2g3vxs7gG0DN1iMh64uFLWODEMLyKqzf9/33mDJNne73x8FNDjCvA2E4
WjTjyqA1S7SYdOlWLAJ0GIVFS+rwtwlgDlEue3KotQwrjdgwmPyRg+vMXgE0D3n+
CY0Iyn+a2ikMmsOgfSezSH0HevUbHWOTEIhS9HYjmFLVWStw1E4UpADMoUnLbOID
7uuznL3914PH/2fc2sSaCwUPZAlDwiZBSWdeOlyWlIbgr/D31sBo54jDcf6tNc1t
yBoreFgM2VFwpeVApGLmAN/8jXxFcltnMllYHUSgsx8Sp7EDJUgvfuFQa5kcWzm1
1Xn465HrxBMmVTTSiu9X1Gq2F6dyfo1XlSbMLyL35dNbEJoxYkzGFS9uttHBJhS7
ht/xJvapCEDmd0LuCkRB
=p6Zs
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Dec 2015 07:33:48 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:22:09 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Debian Bug report logs - #803083
CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Vulmon Search

About

Products

Connect

CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Debian Bug report logs - #803083 CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Vulmon Search

About

Products

Connect

Debian Bug report logs - #803083
CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing