[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
This bug was fixed in the package krb5 - 1.10+dfsg~beta1-2ubuntu0.3 --- krb5 (1.10+dfsg~beta1-2ubuntu0.3) precise-security; urgency=low * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities - debian/patches/MITKRB5-SA-2012-001.patch: initialize pointers both at allocation and assignment time - CVE-2012-1015, CVE-2012-1014 * SECURITY UPDATE: denial of service in kadmind (LP: #1009422) - debian/patches/krb5-CVE-2012-1013.patch: check for null password - CVE-2012-1013 * SECURITY UPDATE: insufficient ACL checking on get_strings/set_string - debian/patches/krb5-CVE-2012-1012.patch: make the access controls for get_strings/set_string mirror those of get_principal/modify_principal - CVE-2012-1012 -- Steve Beattie sbeat...@ubuntu.com Thu, 26 Jul 2012 14:29:35 -0700 ** Changed in: krb5 (Ubuntu) Status: Confirmed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-1012 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-1014 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-1015 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1009422 Title: (CVE-2012-1013) krb5 : kadmind denial of service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
** Branch linked: lp:ubuntu/lucid-security/krb5 ** Branch linked: lp:ubuntu/natty-security/krb5 ** Branch linked: lp:ubuntu/oneiric-security/krb5 ** Branch linked: lp:ubuntu/precise-security/krb5 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1009422 Title: (CVE-2012-1013) krb5 : kadmind denial of service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-1012 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-1014 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-1015 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1009422 Title: (CVE-2012-1013) krb5 : kadmind denial of service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
This is a low priority issue due to the required privileges needed to exploit it. ** Changed in: krb5 (Ubuntu) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1009422 Title: (CVE-2012-1013) krb5 : kadmind denial of service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
Confirmed, needs a security release for all supported versions. ** Changed in: krb5 (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1009422 Title: (CVE-2012-1013) krb5 : kadmind denial of service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1009422 Title: (CVE-2012-1013) krb5 : kadmind denial of service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
