Public bug reported:

Please sync krb5 1.13.2+dfsg-5 (main) from Debian unstable (main)

This includes a number of security updates (along with no other changes)
it would be good to pick up.

Changelog entries since current xenial version 1.13.2+dfsg-4:

krb5 (1.13.2+dfsg-5) unstable; urgency=high

  * Security Update
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)

 -- Sam Hartman <hartm...@debian.org>  Tue, 23 Feb 2016 08:54:09 -0500

** Affects: krb5 (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1550470

Title:
  Sync krb5 1.13.2+dfsg-5 (main) from Debian unstable (main)

Status in krb5 package in Ubuntu:
  New
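The first two changelog entries describe input checks on decoded kadmin requests: a string must contain a terminating zero byte inside its allocation, and a field flagged in the mask must actually be present. A sketch of such checks in C, added here as an illustration; it is not krb5 or Debian code, and every type, function and constant name (`ex_*`, `EX_*`) is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names are hypothetical stand-ins; none of this is krb5 code. */
#define EX_MASK_POLICY 0x1u /* constructed "policy field is set" mask bit */

enum ex_status { EX_OK, EX_NULL_PRINCIPAL, EX_NULL_POLICY, EX_UNTERMINATED };

/* A string as handed over by a decoder: pointer plus bytes allocated. */
struct ex_wire_str { const char *data; size_t alloc_len; };

struct ex_request {
    struct ex_wire_str principal; /* required by this request type */
    struct ex_wire_str policy;    /* only meaningful if the mask bit is set */
    uint32_t mask;
};

/* 1 if a zero byte lies inside the allocation, so strlen() stays in bounds. */
static int ex_is_terminated(const struct ex_wire_str *s)
{
    return s->data != NULL && memchr(s->data, '\0', s->alloc_len) != NULL;
}

/* Run before any handler touches the fields as C strings. */
enum ex_status ex_validate(const struct ex_request *r)
{
    if (r->principal.data == NULL)
        return EX_NULL_PRINCIPAL;
    if ((r->mask & EX_MASK_POLICY) && r->policy.data == NULL)
        return EX_NULL_POLICY; /* mask claims a value that is absent */
    if (!ex_is_terminated(&r->principal))
        return EX_UNTERMINATED;
    if ((r->mask & EX_MASK_POLICY) && !ex_is_terminated(&r->policy))
        return EX_UNTERMINATED;
    return EX_OK;
}

/* Constructed sample: mask bit set, policy bytes lack a terminator. */
enum ex_status ex_sample_unterminated_policy(void)
{
    static const char raw[4] = { 'p', 'o', 'l', 'x' };
    struct ex_request r = { { "alice", 6 }, { raw, sizeof raw }, EX_MASK_POLICY };
    return ex_validate(&r);
}
```

Rejecting the request at this point also means no later code path has to cope with a half-valid structure.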