[ubuntu/trusty-security] krb5 1.12+dfsg-2ubuntu5.4 (Accepted)

Eduardo dos Santos Barretto eduardo.barretto at canonical.com
Thu Jan 10 19:17:31 UTC 2019

krb5 (1.12+dfsg-2ubuntu5.4) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
    - CVE-2018-5729
    - CVE-2018-5730

krb5 (1.12+dfsg-2ubuntu5.3) trusty; urgency=medium

  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC.  LP: #1643708.

Date: 2019-01-10 18:06:12.384461+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list