This bug was fixed in the package krb5 - 1.13.2+dfsg-5
Sponsored for Sam Hartman (hartmans)

---------------
krb5 (1.13.2+dfsg-5) unstable; urgency=high

  *  Security Update
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)


 -- Sam Hartman <hartm...@debian.org>  Tue, 23 Feb 2016 08:54:09 -0500

** Changed in: krb5 (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8629

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8630

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8631

-- 
https://bugs.launchpad.net/bugs/1550470

Title:
  Sync krb5 1.13.2+dfsg-5 (main) from Debian unstable (main)

Status in krb5 package in Ubuntu:
  Fix Released

Bug description:
  Please sync krb5 1.13.2+dfsg-5 (main) from Debian unstable (main)

  This includes a number of security updates (along with no other
  changes) it would be good to pick up.

  Changelog entries since current xenial version 1.13.2+dfsg-4:

  krb5 (1.13.2+dfsg-5) unstable; urgency=high

    *  Security Update
    * Verify decoded kadmin C strings [CVE-2015-8629]
      CVE-2015-8629: An authenticated attacker can cause kadmind to read
      beyond the end of allocated memory by sending a string without a
      terminating zero byte. Information leakage may be possible for an
      attacker with permission to modify the database. (Closes: #813296)
    * Check for null kadm5 policy name [CVE-2015-8630]
      CVE-2015-8630: An authenticated attacker with permission to modify a
      principal entry can cause kadmind to dereference a null pointer by
      supplying a null policy value but including KADM5_POLICY in the mask.
      (Closes: #813127)
    * Fix leaks in kadmin server stubs [CVE-2015-8631]
      CVE-2015-8631: An authenticated attacker can cause kadmind to leak
      memory by supplying a null principal name in a request which uses one.
      Repeating these requests will eventually cause kadmind to exhaust all
      available memory. (Closes: #813126)

  
   -- Sam Hartman <hartm...@debian.org>  Tue, 23 Feb 2016 08:54:09 -0500
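
The kind of check the CVE-2015-8629 entry describes, as an added example that is not part of the original notification and is not krb5's own code: a string field decoded from a request is accepted only if its declared length really ends in a zero byte, so later C string functions cannot read past the allocation. The function names, status values and sample buffers are assumptions made for illustration; rejecting embedded zero bytes is a stricter choice of this example, not something the changelog states.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for a decoded string field (not krb5 identifiers). */
enum cstr_status { CSTR_OK, CSTR_ABSENT, CSTR_UNTERMINATED, CSTR_EMBEDDED_NUL };

/* Constructed sample fields: raw bytes as a decoder might hand them over. */
static const char sample_good[]         = { 'a', 'd', 'm', 'i', 'n', '\0' };
static const char sample_unterminated[] = { 'a', 'd', 'm', 'i', 'n' };
static const char sample_embedded[]     = { 'a', '\0', 'b', '\0' };

/* buf holds `size` decoded bytes; `size` is supposed to include the
 * terminating zero byte. A NULL buffer or zero size means "no string". */
enum cstr_status check_decoded_cstring(const char *buf, size_t size)
{
    if (buf == NULL || size == 0)
        return CSTR_ABSENT;        /* caller must handle a missing value explicitly */
    if (buf[size - 1] != '\0')
        return CSTR_UNTERMINATED;  /* strlen() would read beyond the allocation */
    if (memchr(buf, '\0', size - 1) != NULL)
        return CSTR_EMBEDDED_NUL;  /* declared length and C length would disagree */
    return CSTR_OK;
}

/* String length if the field is safe to treat as a C string, otherwise -1. */
long decoded_cstring_len(const char *buf, size_t size)
{
    if (check_decoded_cstring(buf, size) != CSTR_OK)
        return -1;
    return (long)(size - 1);
}

int main(void)
{
    printf("good:         %ld\n",
           decoded_cstring_len(sample_good, sizeof sample_good));
    printf("unterminated: %ld\n",
           decoded_cstring_len(sample_unterminated, sizeof sample_unterminated));
    printf("embedded:     %ld\n",
           decoded_cstring_len(sample_embedded, sizeof sample_embedded));
    printf("absent:       %ld\n", decoded_cstring_len(NULL, 0));
    return 0;
}
```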
