Package        : krb5
Version        : 1.10.1+dfsg-5+deb7u9
CVE ID         : CVE-2013-1418 CVE-2014-5351 CVE-2014-5353 CVE-2014-5355
                 CVE-2016-3119 CVE-2016-3120
Debian Bug     : 728845 762479 773226 778647 819468 832572

Kerberos, a system for authenticating users and services on a network,
was affected by several vulnerabilities. The Common Vulnerabilities and
Exposures project identifies the following issues.

CVE-2013-1418

    Kerberos allows remote attackers to cause a denial of service
    (NULL pointer dereference and daemon crash) via a crafted request
    when multiple realms are configured.

CVE-2014-5351

    Kerberos sends old keys in a response to a -randkey -keepold
    request, which allows remote authenticated users to forge tickets
    by leveraging administrative access.

CVE-2014-5353

    When the KDC uses LDAP, Kerberos allows remote authenticated users
    to cause a denial of service (daemon crash) via a successful LDAP
    query with no results, as demonstrated by using an incorrect object
    type for a password policy.

CVE-2014-5355

    Kerberos expects that a krb5_read_message data field is represented
    as a string ending with a '\0' character, which allows remote
    attackers to (1) cause a denial of service (NULL pointer
    dereference) via a zero-byte version string or (2) cause a denial
    of service (out-of-bounds read) by omitting the '\0' character.

CVE-2016-3119

    Kerberos allows remote authenticated users to cause a denial of
    service (NULL pointer dereference and daemon crash) via a crafted
    request to modify a principal.

CVE-2016-3120

    Kerberos allows remote authenticated users to cause a denial of
    service (NULL pointer dereference and daemon crash) via an S4U2Self
    request.

For Debian 7 "Wheezy", these problems have been fixed in version
1.10.1+dfsg-5+deb7u9.

We recommend that you upgrade your krb5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
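
The two failure cases listed under CVE-2014-5355 (a zero-byte field, and a
field without the trailing '\0') can be rejected before the data is ever
treated as a C string. The following is an added example, not krb5 code and
not the Debian patch. It assumes a framing of a 4-byte big-endian length
followed by the data; the function names, status codes and sample bytes are
constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum field_status { FIELD_OK, FIELD_TRUNCATED, FIELD_EMPTY,
                    FIELD_UNTERMINATED, FIELD_EMBEDDED_NUL };

/* Constructed sample messages. Assumed framing: 4-byte big-endian length, then data. */
static const uint8_t msg_ok[]       = {0, 0, 0, 5, 'v', '1', '.', '0', '\0'};
static const uint8_t msg_empty[]    = {0, 0, 0, 0};
static const uint8_t msg_unterm[]   = {0, 0, 0, 4, 'v', '1', '.', '0'};
static const uint8_t msg_short[]    = {0, 0, 0, 9, 'v', '1'};
static const uint8_t msg_embedded[] = {0, 0, 0, 5, 'v', '\0', '.', '0', '\0'};

/* Accept a field only if it is a well-formed C string; on FIELD_OK *str
 * points into buf and is safe to hand to strcmp(). */
enum field_status read_string_field(const uint8_t *buf, size_t buflen, const char **str)
{
    uint32_t len;

    *str = NULL;
    if (buflen < 4)
        return FIELD_TRUNCATED;
    len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
          ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (len > buflen - 4)
        return FIELD_TRUNCATED;      /* declared length exceeds received bytes */
    if (len == 0)
        return FIELD_EMPTY;          /* case (1): nothing to dereference */
    if (buf[4 + len - 1] != '\0')
        return FIELD_UNTERMINATED;   /* case (2): strcmp() would read past the end */
    if (memchr(buf + 4, '\0', len - 1) != NULL)
        return FIELD_EMBEDDED_NUL;   /* string would be shorter than its field */
    *str = (const char *)(buf + 4);
    return FIELD_OK;
}

/* Returns 1 only when the field is valid and equals the expected version string. */
int version_matches(const uint8_t *buf, size_t buflen, const char *expected)
{
    const char *s;
    return read_string_field(buf, buflen, &s) == FIELD_OK && strcmp(s, expected) == 0;
}

int main(void) { return version_matches(msg_ok, sizeof msg_ok, "v1.0") ? 0 : 1; }
```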