-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Feb 2016 08:54:09 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-k5tls krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-8 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source
Version: 1.13.2+dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-k5tls - TLS plugin for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-8  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 813126 813127 813296
Changes:
 krb5 (1.13.2+dfsg-5) unstable; urgency=high
 .
   * Security Update
   * Verify decoded kadmin C strings [CVE-2015-8629]
     CVE-2015-8629: An authenticated attacker can cause kadmind to read
     beyond the end of allocated memory by sending a string without a
     terminating zero byte. Information leakage may be possible for an
     attacker with permission to modify the database. (Closes: #813296)
   * Check for null kadm5 policy name [CVE-2015-8630]
     CVE-2015-8630: An authenticated attacker with permission to modify a
     principal entry can cause kadmind to dereference a null pointer by
     supplying a null policy value but including KADM5_POLICY in the mask.
     (Closes: #813127)
   * Fix leaks in kadmin server stubs [CVE-2015-8631]
     CVE-2015-8631: An authenticated attacker can cause kadmind to leak
     memory by supplying a null principal name in a request which uses one.
     Repeating these requests will eventually cause kadmind to exhaust all
     available memory. (Closes: #813126)
Checksums-Sha1:
 1ba079eedfbc4e0aa7f5a6209ca18b807f255306 3192 krb5_1.13.2+dfsg-5.dsc
 ba403e658d93aa9fa1d0f06af8e1ff3578d1644d 101968 krb5_1.13.2+dfsg-5.debian.tar.xz
Checksums-Sha256:
 b52caa3fd7211250987f2f0319579992a7f2bc24c47c766fdfc0403945dbfbdb 3192 krb5_1.13.2+dfsg-5.dsc
 8f8c951a524af50b300f524cd14bd946ea802e81eddbc719f9b71719158b9c1d 101968 krb5_1.13.2+dfsg-5.debian.tar.xz
Files:
 26291c211f242483c683f33fbec4318c 3192 net standard krb5_1.13.2+dfsg-5.dsc
 e43b4ba1ea32fa6a1f00b301d643fa63 101968 net standard krb5_1.13.2+dfsg-5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGIBAEBCAAGBQJWzGVyAAoJEHyaUfYmslafxxULXiZCYFyE1zSoSj6jF/unDV0u
FAkLQvQmVKa84VZ9nLETGGSBBSXGuEuu/donK2RttGjZGobNaBIJeNkRDLchnqco
NKTT8OhX0kyseaLX/upp84oMq+ouoM5PkxzfqlF/QcLzDRDEttzXmI9jTFnjyM0Y
6CB9WgrW0XP03IjJ0iKWU4c+tD5j9nNYvTbBuUowlorFLbFCw0cIlBZ/ldYH1/M+
XJyXr9EX7eq8p5jtaK6OXvkkyJRx0BwTSZ+oJTSzBu/kOpMd5xIBPn+alMmeE86k
ralA/q600tnU41oBMw3DCQk2XxA3b3JMoxs1Jzc8y3rzdaunJm8MpJnB1BPE8u9+
rIqiIfUZwhURQs9pBxrfJ9TGVDnEj0hBHuPIH+2PlSBVcBlG78IWKYeWQFzjztYH
V6L0Wpo7d1JkLEoZlIe4td7gh6F7nXevFTXnM/whooa/ecTsW70EtgsFwIJBaJin
GfKwq47dsx3ulhY=
=fCK3
-----END PGP SIGNATURE-----
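The three changelog entries above describe one class of server-side mistake: trusting a decoded request before checking it. The following is an added illustration written for this page, not code from the Debian krb5 packages or from MIT Kerberos; the `decoded_req` structure, the `REQ_MASK_POLICY` bit (standing in for the KADM5_POLICY mask flag named in the changelog) and the helper names are all hypothetical. It shows the checks the three fixes require of a request handler: a decoded length-prefixed buffer is only used as a C string once its final byte is a zero terminator (CVE-2015-8629), a policy pointer is dereferenced only if the mask says one is present and it is non-null (CVE-2015-8630), and a rejected request is still freed so repeated bad requests cannot exhaust memory (CVE-2015-8631).

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the KADM5_POLICY mask bit from the changelog. */
#define REQ_MASK_POLICY 0x1UL

/* Hypothetical decoded request: strings arrive as length-prefixed byte
 * buffers and must not be treated as C strings until they are checked. */
struct decoded_req {
    unsigned char *princ;  size_t princ_len;   /* principal name bytes */
    unsigned char *policy; size_t policy_len;  /* NULL when absent */
    unsigned long mask;                        /* which optional fields are set */
};

/* Copy raw bytes (constructed test input) into a fresh heap buffer. */
static unsigned char *dup_bytes(const char *src, size_t len) {
    if (src == NULL) return NULL;
    unsigned char *p = malloc(len ? len : 1);
    if (p != NULL && len) memcpy(p, src, len);
    return p;
}

/* Build a request from constructed input; mirrors what a wire decoder
 * would hand the server. princ/policy may be NULL to model absent fields. */
struct decoded_req *make_req(const char *princ, size_t princ_len,
                             const char *policy, size_t policy_len,
                             unsigned long mask) {
    struct decoded_req *r = calloc(1, sizeof *r);
    if (r == NULL) return NULL;
    r->princ = dup_bytes(princ, princ_len);    r->princ_len = princ_len;
    r->policy = dup_bytes(policy, policy_len); r->policy_len = policy_len;
    r->mask = mask;
    return r;
}

/* A decoded buffer is a usable C string only when its last byte is NUL and
 * no earlier byte is NUL. Without the first check, strlen()/strcmp() on the
 * buffer would read past its end (the CVE-2015-8629 failure mode). */
bool is_valid_cstring(const unsigned char *buf, size_t len) {
    if (buf == NULL || len == 0) return false;
    if (buf[len - 1] != '\0') return false;
    return memchr(buf, '\0', len - 1) == NULL;
}

/* Returns 0 if the request may be acted on, -1 if it must be rejected. */
int validate_request(const struct decoded_req *r) {
    if (r == NULL || r->princ == NULL) return -1;          /* null principal */
    if (!is_valid_cstring(r->princ, r->princ_len)) return -1;
    if (r->mask & REQ_MASK_POLICY) {
        /* Mask says a policy is present: it must actually be there
         * before anything dereferences it (CVE-2015-8630 failure mode). */
        if (r->policy == NULL) return -1;
        if (!is_valid_cstring(r->policy, r->policy_len)) return -1;
    }
    return 0;
}

void free_request(struct decoded_req *r) {
    if (r == NULL) return;
    free(r->princ);
    free(r->policy);
    free(r);
}

/* Validate, then release the request on every path. Freeing only on the
 * success path is what turns a stream of bad requests into memory
 * exhaustion (the CVE-2015-8631 failure mode). */
int check_and_release(struct decoded_req *r) {
    int rc = validate_request(r);
    free_request(r);
    return rc;
}

int main(void) {
    /* Constructed sample requests: one well-formed, three malformed. */
    printf("ok principal:      %d\n",
           check_and_release(make_req("alice@EXAMPLE.COM", 18, NULL, 0, 0)));
    printf("no terminator:     %d\n",
           check_and_release(make_req("alice", 5, NULL, 0, 0)));
    printf("mask w/o policy:   %d\n",
           check_and_release(make_req("alice@EXAMPLE.COM", 18, NULL, 0,
                                      REQ_MASK_POLICY)));
    printf("null principal:    %d\n",
           check_and_release(make_req(NULL, 0, NULL, 0, 0)));
    return 0;
}
```

The lengths passed to `make_req` include the terminating zero byte, as a correct encoder would send it; the "no terminator" case models a client that omits it.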