Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-22 Thread Sam Hartman
So, I'll be uploading to oldstable-security shortly. I have tested those patches. I have a package ready to build on the wheezy branch of the Debian krb5 git (debcheckout krb5). I have not built that. I apparently don't have a wheezy environment and am not going to have a chance to set up a chroot

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-21 Thread Sam Hartman
I'll try to get it done by tomorrow morning east coast time. If it doesn't happen by then it will be a while and it would be great if someone else would step forward. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-20 Thread Florian Weimer
* Tom Yu:
> Some limited testing indicates that when the packet storm is confined to a single host, legitimate kpasswd and kadm5 requests can still get through, and the CPU usage pegs at about 70%. I haven't tested with multiple hosts involved.

Out of curiosity, how many spoofed packets have

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-20 Thread Tom Yu
Florian Weimer f...@deneb.enyo.de writes:
> * Tom Yu:
>> Some limited testing indicates that when the packet storm is confined to a single host, legitimate kpasswd and kadm5 requests can still get through, and the CPU usage pegs at about 70%. I haven't tested with multiple hosts involved.
>
> Out

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-20 Thread Florian Weimer
* Tom Yu:
> Florian Weimer f...@deneb.enyo.de writes:
>> * Tom Yu:
>>> Some limited testing indicates that when the packet storm is confined to a single host, legitimate kpasswd and kadm5 requests can still get through, and the CPU usage pegs at about 70%. I haven't tested with multiple hosts

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-20 Thread Florian Weimer
* Sam Hartman:
> I assume this goes back to squeeze as well. Shouldn't the severity be higher? This seems probably worth a DSA because such ping-pong attacks can really be bad for a network/server. Or am I missing mitigations?

Yes, packet loops can be annoying. I think we should issue a DSA

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-20 Thread Sam Hartman
Florian Weimer f...@deneb.enyo.de writes:
> Yes, packet loops can be annoying. I think we should issue a DSA for this.

OK, do you want me to prepare patches and builds for squeeze and wheezy?

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-20 Thread Florian Weimer
* Sam Hartman:
> Florian Weimer f...@deneb.enyo.de writes:
>> Yes, packet loops can be annoying. I think we should issue a DSA for this.
>
> OK, do you want me to prepare patches and builds for squeeze and wheezy?

Yes, that would be ideal.

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-14 Thread Benjamin Kaduk
Package: krb5-admin-server
Version: 1.10.1+dfsg-5
Owner: ka...@mit.edu

Upstream has fixed CVE-2002-2443 in their git master, with the following commit message:

    Fix kpasswd UDP ping-pong [CVE-2002-2443]

    The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong
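The ping-pong the commit message refers to, modelled as an added example; this is not krb5's code and not the patch Ben is staging (the upstream diff is not on this page). It uses the RFC 3244 kpasswd framing (2-byte message length, 2-byte protocol version, 2-byte AP-REQ length, then the AP-REQ and the KRB-PRIV) and assumes that, before the fix, the server answers any datagram with a framed KRB-ERROR reply. A single datagram whose UDP source is forged to be another kpasswd server's port 464 then bounces between the two servers until something drops it. The hardened handler drops anything that fails framing validation and anything whose AP-REQ length is zero, which is the shape of an error reply rather than a request. The two server addresses, the in-memory delivery queue, the fake AP-REQ bytes and those two drop rules are this example's assumptions, not the project's.

```python
"""Model of the kpasswd UDP "ping-pong" (CVE-2002-2443).

Added illustration only; not krb5 code.  Framing follows RFC 3244:
  2-byte message length | 2-byte version | 2-byte AP-REQ length | AP-REQ | KRB-PRIV
The loop model, the addresses and the two drop rules are this example's assumptions.
"""
import struct

KPASSWD_PORT = 464
VERSION_CHANGEPW = 0x0001      # RFC 3244 change-password
VERSION_SETPW = 0xFF80         # RFC 3244 set-password
KNOWN_VERSIONS = {VERSION_CHANGEPW, VERSION_SETPW}


def build_message(version: int, ap_req: bytes, payload: bytes) -> bytes:
    """Frame a kpasswd message; the length field counts itself."""
    body = struct.pack("!HH", version, len(ap_req)) + ap_req + payload
    return struct.pack("!H", 2 + len(body)) + body


def build_error_reply(krb_error: bytes) -> bytes:
    """An error reply carrying no AP-REP: same framing, AP-REQ/AP-REP length 0."""
    return build_message(VERSION_CHANGEPW, b"", krb_error)


def parse(packet: bytes):
    """Return (version, ap_req, rest), or None when the framing is inconsistent."""
    if len(packet) < 6:
        return None
    total, version, ap_len = struct.unpack("!HHH", packet[:6])
    if total != len(packet) or 6 + ap_len > len(packet):
        return None
    return version, packet[6:6 + ap_len], packet[6 + ap_len:]


def vulnerable_handler(packet: bytes):
    """Pre-fix behaviour as modelled here: every datagram, valid or not, is answered."""
    if parse(packet) is None:
        return build_error_reply(b"KRB-ERROR: malformed request")  # this reply feeds the loop
    return build_error_reply(b"KRB-ERROR: request rejected")       # no KDC in this model


def hardened_handler(packet: bytes):
    """Post-fix behaviour as modelled here: reply only to something that could be a request."""
    parsed = parse(packet)
    if parsed is None:
        return None                  # truncated or inconsistent length: drop silently
    version, ap_req, _rest = parsed
    if version not in KNOWN_VERSIONS:
        return None                  # not a kpasswd request at all
    if not ap_req:
        return None                  # AP-REQ length 0 is what an error reply looks like, never a request
    return build_error_reply(b"KRB-ERROR: request rejected")


def simulate(handler, first_packet: bytes, max_hops: int = 50) -> int:
    """Two kpasswd servers A and B running the same handler.  The attacker sends one
    datagram to A with the UDP source forged as B:464; every reply is delivered to the
    address it is addressed to.  Returns how many datagrams the servers sent before the
    queue emptied or max_hops was reached (max_hops stands in for 'forever')."""
    server_a = ("10.0.0.1", KPASSWD_PORT)
    server_b = ("10.0.0.2", KPASSWD_PORT)
    queue = [(server_b, server_a, first_packet)]   # (src, dst, payload); src is forged
    hops = 0
    while queue and hops < max_hops:
        src, dst, payload = queue.pop(0)
        reply = handler(payload)
        if reply is not None:
            hops += 1
            queue.append((dst, src, reply))        # the reply goes to the (forged) source
    return hops


# Constructed inputs: one junk datagram and one well-framed request with fake contents.
JUNK = b"\x00"
REQUEST = build_message(VERSION_CHANGEPW, b"fake-AP-REQ", b"fake-KRB-PRIV")

if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler), ("hardened", hardened_handler)):
        print(f"{name}: junk -> {simulate(handler, JUNK)} hops, "
              f"request -> {simulate(handler, REQUEST)} hops")
```

With the vulnerable handler both inputs run to the hop cap; with the hardened one the junk datagram gets no reply at all, and a well-formed spoofed request is still reflected exactly once to the forged source, after which the peer recognises the error reply and stays silent. The fix stops the loop, not the single reflection, and a legitimate client that sends a malformed packet now sees a timeout instead of an error.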

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-14 Thread Sam Hartman
I assume this goes back to squeeze as well. Shouldn't the severity be higher? This seems probably worth a DSA because such ping-pong attacks can really be bad for a network/server. Or am I missing mitigations? I'd be happy to work on packages.

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-14 Thread Tom Yu
Sam Hartman hartm...@debian.org writes:
> I assume this goes back to squeeze as well.

The bug is as old as the file it's in.

> Shouldn't the severity be higher? This seems probably worth a DSA because such ping-pong attacks can really be bad for a network/server. Or am I missing mitigations?

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-14 Thread Sam Hartman
severity 708267 serious
tags 708267 security
found 708267 krb5-admin-server/1.8.3+dfsg-4
thanks

Yeah, sounds like an advisory to me.

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-14 Thread Benjamin Kaduk
I have a patch staged in my local checkout of the packaging, but need to settle out some (apparent) multiarch issues on my jessie machine before I can install the resulting binaries for testing.

-Ben

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-14 Thread Sam Hartman
Benjamin Kaduk ka...@mit.edu writes:
> I have a patch staged in my local checkout of the packaging, but need to settle out some (apparent) multiarch issues on my jessie machine before I can install the resulting binaries for testing.

Bug#708267: cve-2002-2443: kpasswd udp ping-pong

2013-05-14 Thread Benjamin Kaduk
On Tue, 14 May 2013, Sam Hartman wrote:
> Sorry, I missed this and had already done an upload.

No worries, it is a trivial patch to apply. Please push the packaging to alioth at your convenience.

-Ben