[ubuntu/lucid-updates] krb5 1.8.1+dfsg-2ubuntu0.14 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Feb 10 20:28:18 UTC 2015
krb5 (1.8.1+dfsg-2ubuntu0.14) lucid-security; urgency=medium

  * SECURITY UPDATE: ticket forging via old keys
    - src/lib/kadm5/srv/svr_principal.c: return only new keys
    - af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - properly handle context deletion in
      src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - 82dc33da50338ac84c7b4102dc6513d897d0506a
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c: properly handle
      policy name.
    - d1f707024f1d0af6e54a18885322d70fa15ec4d3
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: support keyless
      principals.
    - 877ad027ca2103f3ac2f581451fdd347a76b8981
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - fix double free in src/lib/kadm5/kadm_rpc_xdr.c,
      src/lib/rpc/auth_gssapi_misc.c.
    - a197e92349a4aa2141b5dff12e9dd44c2a2166e3
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - src/kadmin/server/kadm_rpc_svc.c: fix kadmind server validation.
    - 6609658db0799053fbef0d7d0aa2f1fd68ef32d8
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - src/lib/rpc/svc_auth_gss.c: fix leakage.
    - 5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c
    - CVE-2014-9423
Date: 2015-02-06 21:07:20.277381+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.14