Your message dated Fri, 27 Aug 2021 15:08:18 +0000
with message-id <[email protected]>
and subject line Bug#992607: fixed in krb5 1.18.3-7
has caused the Debian Bug report #992607,
regarding CVE-2021-37750 in krb5: NULL dereference in authenticated FAST TGS 
request
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
992607: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: krb5-kdc
Version: 1.15-1
Tags: security fixed-upstream

quoting from
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49

CVE-2021-37750:

In MIT krb5 releases 1.14 and later, an authenticated attacker can
cause a null dereference in the KDC by sending a FAST TGS request with
no server field.

--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.18.3-7
Done: Sam Hartman <[email protected]>

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Fri, 27 Aug 2021 08:13:47 -0600
Source: krb5
Architecture: source
Version: 1.18.3-7
Distribution: unstable
Urgency: medium
Maintainer: Sam Hartman <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Closes: 981161 988743 991140 992607
Changes:
 krb5 (1.18.3-7) unstable; urgency=medium
 .
   * Fix KDC null dereference crash on FAST request with no server field,
     CVE-2021-37750, Closes: #992607
   * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140
   * Add javascript libraries for docs, thanks Andreas Beckmann, Closes: #988743
   * Drop build-dependency on libncurses5-dev which hasn't been needed
     since krb5-appl was removed, Closes: #981161

--- End Message ---
