Bug#869260: marked as done (CVE-2017-11368)
Your message dated Mon, 28 Aug 2017 16:57:41 -0400
with message-id and subject line Fixed in krb5 1.12.1+dfsg-19+deb8u3
has caused the Debian Bug report #869260,
regarding CVE-2017-11368
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
869260: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: krb5
Severity: grave
Tags: security

Hi,
please see:
https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2

Cheers,
Moritz
--- End Message ---

--- Begin Message ---
source: krb5
source-version: 1.12.1+dfsg-19+deb8ku3

Hi.  The following issues were fixed in 1.12.1+dfsg-19+deb8u3 for jessie.
I ended up needing to build a +deb8u4 because of a build/upload issue,
and so the bugs were not automatically closed.

Here's the relevant changelog info:

krb5 (1.12.1+dfsg-19+deb8u4) jessie; urgency=medium

  * New version number; same code as deb8u3 but rebuilt to build arch all
    packages and because dgit doesn't deal well with reusing a version
    number when a package is rejected

 -- Sam Hartman  Mon, 28 Aug 2017 11:55:49 -0400

krb5 (1.12.1+dfsg-19+deb8u3) jessie; urgency=high

  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * fix for CVE-2016-3120 (kdc crash on restrict_anon_to_tgt),
    Closes: #832572
  * fix for CVE-2016-3119: remote DOS with ldap for authenticated attackers,
    Closes: #819468
  * Prevent requires_preauth bypass (CVE-2015-2694), Closes: #783557

 -- Sam Hartman  Sun, 13 Aug 2017 18:02:34 -0400
--- End Message ---
Bug#869260: marked as done (CVE-2017-11368)
Your message dated Sat, 12 Aug 2017 16:17:09 +0000
with message-id and subject line Bug#869260: fixed in krb5 1.15-1+deb9u1
has caused the Debian Bug report #869260,
regarding CVE-2017-11368
to be marked as done.

--
869260: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: krb5
Source-Version: 1.15-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 09 Aug 2017 12:19:50 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-kpropd krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-k5tls krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit11 libkadm5clnt-mit11 libk5crypto3 libkdb5-8 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source
Version: 1.15-1+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Sam Hartman
Changed-By: Sam Hartman
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc - documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-k5tls - TLS plugin for MIT Kerberos
 krb5-kdc - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-kpropd - MIT Kerberos key server (KDC)
 krb5-locales - internationalization support for MIT Kerberos
 krb5-multidev - development files for MIT Kerberos without Heimdal conflict
 krb5-otp - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user - basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit11 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit11 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-8 - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0 - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3 - MIT Kerberos runtime libraries
 libkrb5-dbg - debugging files for MIT Kerberos
 libkrb5-dev - headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 856307 860767 869260
Changes:
 krb5 (1.15-1+deb9u1) stretch; urgency=high
 .
   * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
     Closes: #869260
   * Upstream patches to fix startup if getaddrinfo() returns a wildcard
     v6 address, and to fix handling of explicitly specified v4 wildcard
     address; regression over previous versions, Closes: #860767
   * Fix SRV lookups to respect udp_preference_limit, regression over
     previous versions with OTP, Closes: #856307
Bug#869260: marked as done (CVE-2017-11368)
Your message dated Sun, 23 Jul 2017 19:20:34 +0000
with message-id and subject line Bug#869260: fixed in krb5 1.15.1-2
has caused the Debian Bug report #869260,
regarding CVE-2017-11368
to be marked as done.

--
869260: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: krb5
Source-Version: 1.15.1-2

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman (supplier of updated krb5 package)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 23 Jul 2017 14:16:38 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-kpropd krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-k5tls krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit11 libkadm5clnt-mit11 libk5crypto3 libkdb5-8 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source
Version: 1.15.1-2
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman
Changed-By: Sam Hartman
Closes: 868035 868121 869260
Changes:
 krb5 (1.15.1-2) unstable; urgency=high
 .
   * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
     Yamane, Closes: #868035
   * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
   * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
     Closes: #869260
   * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service
     to minimize the impact of future DOS bugs.