Your message dated Fri, 19 Jun 2026 15:05:04 +0000
with message-id <[email protected]>
and subject line Bug#1139821: fixed in krb5 1.22.1-3
has caused the Debian Bug report #1139821,
regarding krb5: CVE-2026-11850
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1139821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139821
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: krb5
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for krb5.

CVE-2026-11850[0]:
| An integer underflow vulnerability was found in MIT krb5 in the
| berval2tl_data() function in
| plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function
| performs an unsigned subtraction (bv_len - 2) without a prior bounds
| check. When bv_len is 0 or 1, the subtraction wraps to a large value
| which is then truncated to uint16_t, yielding 0xFFFE (65534) or
| 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up
| to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-
| bounds read. The attack vector involves a malicious or compromised
| LDAP KDB backend returning a krbExtraData attribute with bv_len < 2,
| triggering the underflow when the KDC or kadmind reads principal
| data.

https://krbdev.mit.edu/rt/Ticket/Display.html?id=9206
https://github.com/krb5/krb5/commit/2a5fd83d4436583f2ddc0e193269a4d800ee45c4


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-11850
    https://www.cve.org/CVERecord?id=CVE-2026-11850

Please adjust the affected versions in the BTS as needed.

--- End Message ---
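The arithmetic the CVE text describes, shown as an added illustration (not the krb5 source or the upstream fix): a model of the unchecked length computation next to a decoder that validates the value length first. The struct and function names, and the byte order of the type field, are this example's own assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of an LDAP berval and the tl_data record it decodes into;
 * field names follow the CVE text, the structs are this example's own. */
struct berval_model { size_t bv_len; char *bv_val; };
struct tl_data_model { uint16_t tl_data_type, tl_data_length; uint8_t *tl_data_contents; };

/* Length the unchecked code ends up with: the unsigned subtraction wraps for
 * bv_len < 2 and is then narrowed to uint16_t. Arithmetic only, nothing is read. */
uint16_t unchecked_length(size_t bv_len)
{
    return (uint16_t)(bv_len - 2);      /* 0 -> 65534, 1 -> 65535 */
}

/* Hardened decoder: reject values shorter than the 2-byte type header before
 * any arithmetic, and reject lengths the uint16_t field cannot hold (silent
 * truncation is the other half of this bug class). Type byte order is assumed. */
int berval2tl_data_checked(const struct berval_model *in, struct tl_data_model *out)
{
    if (in->bv_val == NULL || in->bv_len < 2 || in->bv_len - 2 > UINT16_MAX)
        return EINVAL;                  /* malformed attribute value */
    out->tl_data_length = (uint16_t)(in->bv_len - 2);
    out->tl_data_type = (uint16_t)(((uint8_t)in->bv_val[0] << 8) | (uint8_t)in->bv_val[1]);
    out->tl_data_contents = malloc(out->tl_data_length ? out->tl_data_length : 1);
    if (out->tl_data_contents == NULL)
        return ENOMEM;
    memcpy(out->tl_data_contents, in->bv_val + 2, out->tl_data_length);
    return 0;
}

int main(void)
{
    /* Constructed inputs: the 1-byte value from the CVE text and a valid one. */
    char one[1] = { 0x00 }, good[5] = { 0x00, 0x01, 'a', 'b', 'c' };
    struct berval_model bad = { 1, one }, ok = { 5, good };
    struct tl_data_model td = { 0, 0, NULL };

    printf("unchecked length for bv_len=1: %u\n", unchecked_length(1));
    printf("checked decode of bv_len=1: %d (EINVAL is %d)\n", berval2tl_data_checked(&bad, &td), EINVAL);
    if (berval2tl_data_checked(&ok, &td) == 0) {
        printf("type=%u length=%u\n", td.tl_data_type, td.tl_data_length);
        free(td.tl_data_contents);
    }
    return 0;
}
```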
--- Begin Message ---
Source: krb5
Source-Version: 1.22.1-3
Done: Sam Hartman <[email protected]>

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Jun 2026 08:30:16 -0600
Source: krb5
Architecture: source
Version: 1.22.1-3
Distribution: unstable
Urgency: medium
Maintainer: Sam Hartman <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Closes: 1128877 1138466 1139821
Changes:
 krb5 (1.22.1-3) unstable; urgency=medium
 .
   [ Emmanuel Arias ]
   * CVE-2026-11850: Prevent read overrun in libkdb_ldap (Closes: #1139821).
 .
   [ Sam Hartman ]
   * Fix C23 use of strchr, Closes: #1128877
   * Remove lintian tag that ldap plugin is linked against libc6; no longer needed
   * Upstream patch for OpenSSL 4.0 compatibility, Closes: #1138466
   * Upstream commit f5bbfa4 to use openssl facilities to verify certificates; needed to avoid discarding const qualifier from Openssl 4.0 patch




--- End Message ---
