Your message dated Wed, 23 Jul 2014 21:44:25 +0000
with message-id <[email protected]>
and subject line Bug#755521: fixed in krb5 1.12.1+dfsg-5
has caused the Debian Bug report #755521,
regarding CVE-2014-4344 in krb5: NULL dereference in GSSAPI servers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
755521: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgssapi-krb5-2
Version: 1.8.3+dfsg-4squeeze7

Upstream has committed a fix for CVE-2014-4344 to their git repo; we
should take it as well, and probably push it back into the -security repos
for stable and co.

I plan to get this patch in along with the CVE-2014-4343 patch.

From the commit message:

    In MIT krb5 1.5 and newer, an unauthenticated or partially
    authenticated remote attacker can cause a NULL dereference and
    application crash during a SPNEGO negotiation by sending an empty
    token as the second or later context token from initiator to acceptor.
    The attacker must provide at least one valid context token in the
    security context negotiation before sending the empty token. This can
    be done by an unauthenticated attacker by forcing SPNEGO to
    renegotiate the underlying mechanism, or by using IAKERB to wrap an
    unauthenticated AS-REQ as the first token.

    CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C

-Ben
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.12.1+dfsg-5
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Benjamin Kaduk <[email protected]> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 21 Jul 2014 17:27:10 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3
libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3
libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source all amd64
Version: 1.12.1+dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <[email protected]>
Changed-By: Benjamin Kaduk <[email protected]>
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-gss-samples - MIT Kerberos GSS Sample applications
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-locales - Internationalization support for MIT Kerberos
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-otp - OTP plugin for MIT Kerberos
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-7 - MIT Kerberos runtime libraries - Kerberos database
libkrad-dev - MIT Kerberos RADIUS Library Development
libkrad0 - MIT Kerberos runtime libraries - RADIUS library
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 755520 755521
Changes:
krb5 (1.12.1+dfsg-5) unstable; urgency=high
.
* Apply upstream patches for CVE-2014-4343, CVE-2014-4344, Closes: #755520,
Closes: #755521
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlPQCdwACgkQ/I12czyGJg+rgACfQB2lUq1VSYMR3yqXfTMbTYEx
/bEAn15BUgKjQS3zJT3/7C3gQMfqExCK
=D3A8
-----END PGP SIGNATURE-----
--- End Message ---