krb5 (1.13.2+dfsg-5) unstable; urgency=high

  * Security Update
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)

 -- Sam Hartman  Tue, 23 Feb 2016 08:54:09 -0500

krb5 (1.13.2+dfsg-4) unstable; urgency=high

  * Import upstream patches fixing regressions in the previous upload:
    - CVE-2015-2698: the patch for CVE-2015-2696 caused memory corruption
      for applications calling gss_export_sec_context() on contexts
      established using the IAKERB mechanism.
    - Supply gss_import_sec_context implementations for SPNEGO and IAKERB,
      which were not implemented due to the erroneous belief that the
      exported context tokens would be tagged with the underlying
      context's mechanism.

 -- Benjamin Kaduk  Wed, 04 Nov 2015 22:47:22 -0500

krb5 (1.13.2+dfsg-3) unstable; urgency=high

  * Import upstream patches for three CVEs:
    - CVE-2015-2695: SPNEGO context aliasing during establishment
    - CVE-2015-2696: IAKERB context aliasing during establishment
    - CVE-2015-2697: unsafe string handling in TGS processing

 -- Benjamin Kaduk  Mon, 26 Oct 2015 14:03:52 -0400

krb5 (1.13.2+dfsg-2) unstable; urgency=medium

  * No-change rebuild to target unstable

 -- Benjamin Kaduk  Thu, 25 Jun 2015 17:10:03 -0400

krb5 (1.13.2+dfsg-1) experimental; urgency=medium

  * New upstream release:
    - Fix importing GSS composite export names
    - Fix kadm5.acl wildcard matching when early lines have partial matches
    - Disable principal renames for LDAP; they do not work properly and
      are hard to fix
    - Fix LDAP ticket policies on big-endian LP64 systems
    - Fix memory leak in DB2 iteration
    - Prevent requires_preauth bypass (CVE-2015-2694), Closes: #783557
  * Add python to build-depends-indep, since we call it manually during
    the documentation build, Closes: #746395

 -- Benjamin Kaduk  Thu, 14 May 2015 13:38:58 -0400

krb5 (1.13.1+dfsg-1) experimental; urgency=low

  * New upstream release:
    - Make the KDC default to listening on TCP (as well as UDP)
    - Bump DAL major version for krb5_db_iterate() API change; KDB modules
      will need to be rebuilt
    - Let ksu use any keytab entry to verify the obtained TGT
    - Improve kadm5_randkey_principal interop with Solaris KDCs
    - Export symbols for some public gss interfaces
    - Allow the logger to work with redirected stderr
    - Remove length limit on PKINIT PKCS#12 prompts

 -- Benjamin Kaduk  Mon, 16 Mar 2015 14:23:06 -0400

krb5 (1.12.1+dfsg-20) unstable; urgency=high

  * Import upstream patch for CVE-2015-2694, Closes: #783557
  * Bump Standards-Version to 3.9.6 (no changes needed)

 -- Benjamin Kaduk  Wed, 13 May 2015 14:40:36 -0400

krb5 (1.12.1+dfsg-19) unstable; urgency=medium

  * mark systemd unit directories as optional, Closes: #780831

 -- Sam Hartman  Fri, 20 Mar 2015 16:22:33 -0400

krb5 (1.12.1+dfsg-18) unstable; urgency=high

  * Import upstream patch for CVE-2014-5355, Closes: #778647

 -- Benjamin Kaduk  Wed, 18 Feb 2015 12:52:14 -0500

krb5 (1.12.1+dfsg-17) unstable; urgency=high

  * MITKRB5-SA-2015-001
    - CVE-2014-5352: gss_process_context_token() incorrectly frees context
    - CVE-2014-9421: kadmind doubly frees partial deserialization results
    - CVE-2014-9422: kadmind incorrectly validates server principal name
    - CVE-2014-9423: libgssrpc server applications leak uninitialized bytes

 -- Sam Hartman  Tue, 03 Feb 2015 10:29:35 -0500

# For older changelog entries, run 'apt-get changelog krb5-locales'