Debian Package Tracker

general

source: krb5 (source, net)
version: 1.15-1
maintainer: Sam Hartman [DMD]
uploaders: Benjamin Kaduk [DMD] – Russ Allbery [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.10.1+dfsg-5+deb7u7
o-o-sec: 1.10.1+dfsg-5+deb7u7
oldstable: 1.12.1+dfsg-19+deb8u2
old-sec: 1.12.1+dfsg-19+deb8u2
stable: 1.15-1
testing: 1.15-1
unstable: 1.15-1
exp: 1.15-2

versioned links

1.10.1+dfsg-5+deb7u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.1+dfsg-19+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

krb5-admin-server
krb5-doc
krb5-gss-samples
krb5-k5tls
krb5-kdc
krb5-kdc-ldap
krb5-kpropd
krb5-locales
krb5-multidev
krb5-otp
krb5-pkinit
krb5-user
libgssapi-krb5-2
libgssrpc4
libk5crypto3
libkadm5clnt-mit11
libkadm5srv-mit11
libkdb5-8
libkrad-dev
libkrad0
libkrb5-3
libkrb5-dbg
libkrb5-dev
libkrb5support0

action needed

A new upstream version is available: 1.15.1

high

A new upstream version 1.15.1 is available, you should consider packaging it.

Created: 2017-03-24 Last update: 2017-06-24 19:22

Multiarch hinter reports 3 issue(s)

normal

There are issues with the multiarch metadata for this package.

krb5-doc could be marked Multi-Arch: foreign
libkrad-dev could be marked Multi-Arch: same
libkrb5-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2017-06-24 19:35

5 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 5 bugs, consider including or untagging them.

Created: 2017-01-17 Last update: 2017-06-24 19:08

The URL(s) for this package had some recent persistent issues

low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2016-11-16 Last update: 2017-06-24 19:27

7 ignored security issues in wheezy

low

There are 7 open security issues in wheezy.

7 issues skipped by the security teams:

CVE-2016-3119: The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
CVE-2015-2694: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
CVE-2013-1418: The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
CVE-2016-3120: The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
CVE-2014-5355: MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

Please fix them.

Created: 2015-07-12 Last update: 2017-06-18 08:29

3 ignored security issues in jessie

low

There are 3 open security issues in jessie.

3 issues skipped by the security teams:

CVE-2016-3119: The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
CVE-2015-2694: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
CVE-2016-3120: The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

Please fix them.

Created: 2015-07-12 Last update: 2017-06-18 08:29

Build log checks report 1 warning

low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2014-07-02 18:05

news

[rss feed]

[2017-04-21] Accepted krb5 1.15-2 (source amd64 all) into experimental (Sam Hartman)
[2016-12-16] krb5 1.15-1 MIGRATED to testing (Debian testing watch)
[2016-12-04] Accepted krb5 1.15-1 (source amd64 all) into unstable (Benjamin Kaduk)
[2016-11-28] krb5 1.15~beta1-1 MIGRATED to testing (Debian testing watch)
[2016-11-03] Accepted krb5 1.15~beta1-1 (source amd64 all) into unstable, unstable (Sam Hartman)
[2016-09-12] krb5 1.14.3+dfsg-2 MIGRATED to testing (Debian testing watch)
[2016-09-06] Accepted krb5 1.14.3+dfsg-2 (source amd64 all) into unstable (Sam Hartman)
[2016-08-07] krb5 1.14.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-08-06] krb5 1.14.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-07-31] Accepted krb5 1.14.3+dfsg-1 (source) into unstable (Benjamin Kaduk)
[2016-06-05] krb5 1.14.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-05-30] Accepted krb5 1.14.2+dfsg-1 (source amd64 all) into unstable (Sam Hartman)
[2016-02-28] Accepted krb5 1.14+dfsg-1 (source amd64 all) into experimental, experimental (Sam Hartman)
[2016-02-27] krb5 1.13.2+dfsg-5 MIGRATED to testing (Debian testing watch)
[2016-02-23] Accepted krb5 1.13.2+dfsg-5 (source) into unstable (Sam Hartman)
[2016-02-22] Accepted krb5 1.8.3+dfsg-4squeeze11 (source all i386) into squeeze-lts (Thorsten Alteholz)
[2016-02-10] Accepted krb5 1.10.1+dfsg-5+deb7u7 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2016-02-05] Accepted krb5 1.12.1+dfsg-19+deb8u2 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2015-11-15] Accepted krb5 1.10.1+dfsg-5+deb7u6 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2015-11-15] Accepted krb5 1.10.1+dfsg-5+deb7u5 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2015-11-08] Accepted krb5 1.10.1+dfsg-5+deb7u4 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Benjamin Kaduk) (signed by: Salvatore Bonaccorso)
[2015-11-08] Accepted krb5 1.12.1+dfsg-19+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates (Benjamin Kaduk) (signed by: Salvatore Bonaccorso)
[2015-11-08] krb5 1.13.2+dfsg-4 MIGRATED to testing (Britney)
[2015-11-07] Accepted krb5 1.8.3+dfsg-4squeeze10 (source all amd64) into squeeze-lts (Guido Günther)
[2015-11-05] Accepted krb5 1.13.2+dfsg-4 (source amd64 all) into unstable (Benjamin Kaduk)
[2015-10-29] krb5 1.13.2+dfsg-3 MIGRATED to testing (Britney)
[2015-10-26] Accepted krb5 1.13.2+dfsg-3 (source amd64 all) into unstable (Benjamin Kaduk)
[2015-08-11] krb5 1.13.2+dfsg-2 MIGRATED to testing (Britney)
[2015-06-25] Accepted krb5 1.13.2+dfsg-2 (source amd64 all) into unstable (Benjamin Kaduk)
[2015-05-16] krb5 1.12.1+dfsg-20 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 37 38
RC: 0
I&N: 19
M&W: 18 19
F&P: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.15-2
30 bugs (2 patches)