Format: 1.8
Date: Sun, 31 Jan 2016 11:48:01 +0100
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: all source
Version: 1.12.1+dfsg-19+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 813126 813127 813296
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7 - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0 - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3 - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes:
 krb5 (1.12.1+dfsg-19+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Verify decoded kadmin C strings [CVE-2015-8629]
     CVE-2015-8629: An authenticated attacker can cause kadmind to read
     beyond the end of allocated memory by sending a string without a
     terminating zero byte. Information leakage may be possible for an
     attacker with permission to modify the database. (Closes: #813296)
   * Check for null kadm5 policy name [CVE-2015-8630]
     CVE-2015-8630: An authenticated attacker with permission to modify a
     principal entry can cause kadmind to dereference a null pointer by
     supplying a null policy value but including KADM5_POLICY in the mask.
     (Closes: #813127)
   * Fix leaks in kadmin server stubs [CVE-2015-8631]
     CVE-2015-8631: An authenticated attacker can cause kadmind to leak
     memory by supplying a null principal name in a request which uses one.
     Repeating these requests will eventually cause kadmind to exhaust all
     available memory. (Closes: #813126)