krb5 - Debian Package Tracker

general

source: krb5 (main)
version: 1.22.1-2
maintainer: Sam Hartman (DMD)
uploaders: Russ Allbery [DMD] – Benjamin Kaduk [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.18.3-6+deb11u5
o-o-sec: 1.18.3-6+deb11u7
o-o-p-u: 1.18.3-6+deb11u5
oldstable: 1.20.1-2+deb12u4
old-sec: 1.20.1-2+deb12u2
stable: 1.21.3-5
testing: 1.22.1-2
unstable: 1.22.1-2

versioned links

1.18.3-6+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.18.3-6+deb11u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20.1-2+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20.1-2+deb12u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.21.3-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.22.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

krb5-admin-server (5 bugs: 0, 4, 1, 0)
krb5-doc (2 bugs: 0, 1, 1, 0)
krb5-gss-samples
krb5-k5tls
krb5-kdc
krb5-kdc-ldap (1 bugs: 0, 1, 0, 0)
krb5-kpropd
krb5-locales (1 bugs: 0, 1, 0, 0)
krb5-multidev (1 bugs: 0, 0, 1, 0)
krb5-otp
krb5-pkinit
krb5-user (3 bugs: 0, 1, 2, 0)
libgssapi-krb5-2 (3 bugs: 0, 3, 0, 0)
libgssrpc4t64
libk5crypto3 (1 bugs: 0, 1, 0, 0)
libkadm5clnt-mit12
libkadm5srv-mit12
libkdb5-10t64
libkrad-dev
libkrad0
libkrb5-3 (3 bugs: 0, 2, 1, 0)
libkrb5-dbg
libkrb5-dev (2 bugs: 0, 1, 1, 0)
libkrb5support0 (1 bugs: 0, 1, 0, 0)

action needed

Multiarch hinter reports 16 issue(s) high

There are issues with the multiarch metadata for this package.

krb5-k5tls conflicts on /usr/share/doc/krb5-k5tls/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
krb5-multidev conflicts on /usr/share/doc/krb5-multidev/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
krb5-otp conflicts on /usr/share/doc/krb5-otp/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
krb5-pkinit conflicts on /usr/share/doc/krb5-pkinit/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libgssapi-krb5-2 conflicts on /usr/share/doc/libgssapi-krb5-2/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libgssrpc4t64 conflicts on /usr/share/doc/libgssrpc4t64/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libk5crypto3 conflicts on /usr/share/doc/libk5crypto3/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkadm5clnt-mit12 conflicts on /usr/share/doc/libkadm5clnt-mit12/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkadm5srv-mit12 conflicts on /usr/share/doc/libkadm5srv-mit12/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkdb5-10t64 conflicts on /usr/share/doc/libkdb5-10t64/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkrad-dev conflicts on /usr/share/doc/libkrad-dev/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkrad0 conflicts on /usr/share/doc/libkrad0/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkrb5-3 conflicts on /usr/share/doc/libkrb5-3/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkrb5-dbg conflicts on /usr/share/doc/libkrb5-dbg/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkrb5-dev conflicts on /usr/share/doc/libkrb5-dev/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more
libkrb5support0 conflicts on /usr/share/doc/libkrb5support0/changelog.Debian.gz on loong64 <-> amd64, arm64, armhf and 4 more

Created: 2026-04-19 Last update: 2026-04-29 13:31

A new upstream version is available: 1.22.2 high

A new upstream version 1.22.2 is available, you should consider packaging it.

Created: 2026-02-02 Last update: 2026-04-29 10:30

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2026-40355: In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
CVE-2026-40356: In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.