Debian Package Tracker

general

source: krb5 (source, net)
version: 1.15.1-2
maintainer: Sam Hartman [DMD]
uploaders: Benjamin Kaduk [DMD] – Russ Allbery [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.10.1+dfsg-5+deb7u7
o-o-sec: 1.10.1+dfsg-5+deb7u8
oldstable: 1.12.1+dfsg-19+deb8u2
old-sec: 1.12.1+dfsg-19+deb8u2
stable: 1.15-1
stable-p-u: 1.15-1+deb9u1
testing: 1.15.1-2
unstable: 1.15.1-2

versioned links

1.10.1+dfsg-5+deb7u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.1+dfsg-5+deb7u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.1+dfsg-19+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

krb5-admin-server
krb5-doc
krb5-gss-samples
krb5-k5tls
krb5-kdc
krb5-kdc-ldap
krb5-kpropd
krb5-locales
krb5-multidev
krb5-otp
krb5-pkinit
krb5-user
libgssapi-krb5-2
libgssrpc4
libk5crypto3
libkadm5clnt-mit11
libkadm5srv-mit11
libkdb5-8
libkrad-dev
libkrad0
libkrb5-3
libkrb5-dbg
libkrb5-dev
libkrb5support0

action needed

Standards version of the package is outdated.

high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.0.1 instead of 3.9.8).

Created: 2017-07-10 Last update: 2017-08-15 01:04

Multiarch hinter reports 3 issue(s)

normal

There are issues with the multiarch metadata for this package.

krb5-doc could be marked Multi-Arch: foreign
libkrad-dev could be marked Multi-Arch: same
libkrb5-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2017-08-18 19:37

2 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2017-08-12 Last update: 2017-08-18 19:10

lintian reports 1 warning

normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2017-07-11 Last update: 2017-07-11 01:14

The URL(s) for this package had some recent persistent issues

low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2016-11-16 Last update: 2017-08-18 19:31

7 ignored security issues in wheezy

low

There are 7 open security issues in wheezy.

7 issues skipped by the security teams:

CVE-2016-3119: The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
CVE-2015-2694: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
CVE-2013-1418: The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
CVE-2016-3120: The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
CVE-2014-5355: MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

Please fix them.

Created: 2015-07-12 Last update: 2017-08-15 01:22

4 ignored security issues in jessie

low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2016-3119: The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
CVE-2015-2694: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
CVE-2016-3120: The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
CVE-2017-11368: In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Please fix them.

Created: 2015-07-12 Last update: 2017-08-15 01:22

1 ignored security issue in stretch

low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2017-11368: In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Please fix it.

Created: 2017-07-22 Last update: 2017-08-15 01:22

Build log checks report 1 warning

low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2014-07-02 18:05

news

[rss feed]

[2017-08-14] Accepted krb5 1.10.1+dfsg-5+deb7u8 (source all amd64) into oldoldstable (Lucas Kanashiro)
[2017-08-12] Accepted krb5 1.15-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sam Hartman)
[2017-07-26] krb5 1.15.1-2 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted krb5 1.15.1-2 (source) into unstable (Sam Hartman)
[2017-07-15] krb5 1.15.1-1 MIGRATED to testing (Debian testing watch)
[2017-07-09] Accepted krb5 1.15.1-1 (source) into unstable (Sam Hartman)
[2017-04-21] Accepted krb5 1.15-2 (source amd64 all) into experimental (Sam Hartman)
[2016-12-16] krb5 1.15-1 MIGRATED to testing (Debian testing watch)
[2016-12-04] Accepted krb5 1.15-1 (source amd64 all) into unstable (Benjamin Kaduk)
[2016-11-28] krb5 1.15~beta1-1 MIGRATED to testing (Debian testing watch)
[2016-11-03] Accepted krb5 1.15~beta1-1 (source amd64 all) into unstable, unstable (Sam Hartman)
[2016-09-12] krb5 1.14.3+dfsg-2 MIGRATED to testing (Debian testing watch)
[2016-09-06] Accepted krb5 1.14.3+dfsg-2 (source amd64 all) into unstable (Sam Hartman)
[2016-08-07] krb5 1.14.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-08-06] krb5 1.14.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-07-31] Accepted krb5 1.14.3+dfsg-1 (source) into unstable (Benjamin Kaduk)
[2016-06-05] krb5 1.14.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-05-30] Accepted krb5 1.14.2+dfsg-1 (source amd64 all) into unstable (Sam Hartman)
[2016-02-28] Accepted krb5 1.14+dfsg-1 (source amd64 all) into experimental, experimental (Sam Hartman)
[2016-02-27] krb5 1.13.2+dfsg-5 MIGRATED to testing (Debian testing watch)
[2016-02-23] Accepted krb5 1.13.2+dfsg-5 (source) into unstable (Sam Hartman)
[2016-02-22] Accepted krb5 1.8.3+dfsg-4squeeze11 (source all i386) into squeeze-lts (Thorsten Alteholz)
[2016-02-10] Accepted krb5 1.10.1+dfsg-5+deb7u7 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2016-02-05] Accepted krb5 1.12.1+dfsg-19+deb8u2 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2015-11-15] Accepted krb5 1.10.1+dfsg-5+deb7u6 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2015-11-15] Accepted krb5 1.10.1+dfsg-5+deb7u5 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2015-11-08] Accepted krb5 1.10.1+dfsg-5+deb7u4 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Benjamin Kaduk) (signed by: Salvatore Bonaccorso)
[2015-11-08] Accepted krb5 1.12.1+dfsg-19+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates (Benjamin Kaduk) (signed by: Salvatore Bonaccorso)
[2015-11-08] krb5 1.13.2+dfsg-4 MIGRATED to testing (Britney)
[2015-11-07] Accepted krb5 1.8.3+dfsg-4squeeze10 (source all amd64) into squeeze-lts (Guido Günther)

bugs [bug history graph]

all: 30 31
RC: 0
I&N: 16
M&W: 13 14
F&P: 1

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.15.1-2
27 bugs (2 patches)