Your message dated Thu, 02 Sep 2021 19:47:17 +0000
with message-id <[email protected]>
and subject line Bug#992607: fixed in krb5 1.18.3-6+deb11u1
has caused the Debian Bug report #992607,
regarding CVE-2021-37750 in krb5: NULL dereference in authenticated FAST TGS request
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
992607: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: krb5-kdc
Version: 1.15-1
Tags: security fixed-upstream
quoting from
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
CVE-2021-37750:
In MIT krb5 releases 1.14 and later, an authenticated attacker can
cause a null dereference in the KDC by sending a FAST TGS request with
no server field.
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.18.3-6+deb11u1
Done: Sam Hartman <[email protected]>
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 29 Aug 2021 16:38:12 -0600
Source: krb5
Architecture: source
Version: 1.18.3-6+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Sam Hartman <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Closes: 991140 992607
Changes:
 krb5 (1.18.3-6+deb11u1) bullseye; urgency=medium
 .
   * Fix KDC null dereference crash on FAST request with no server field,
     CVE-2021-37750, Closes: #992607
   * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---