Package "krb5-otp"
Name: krb5-otp
Description: OTP plugin for MIT Kerberos
Latest version: 1.13.2+dfsg-5ubuntu2.2
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: krb5
Homepage: http://web.mit.edu/kerberos/
Changelog
krb5 (1.13.2+dfsg-5ubuntu2.2) xenial-security; urgency=medium
* SECURITY UPDATE: Unbounded recursion
- debian/patches/CVE-2020-28196.patch: adds recursion limit for ASN.1
indefinite lengths in src/lib/krb5/asn.1/asn1_encode.c.
- CVE-2020-28196
-- <email address hidden> (Leonidas S. Barbosa) Wed, 11 Nov 2020 11:24:12 -0300

CVE-2020-28196
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb

krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
modify a principal
- debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
empty arg
- CVE-2016-3119
* SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
- debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
is restricted
- CVE-2016-3120
* SECURITY UPDATE: KDC assertion failure
- debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
assertion failures
- debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
- CVE-2017-11368
* SECURITY UPDATE: Double free vulnerability
- debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
failure
- CVE-2017-11462
* SECURITY UPDATE: Authenticated kadmin with permission to add principals
to an LDAP Kerberos can DoS or bypass DN container check.
- debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
checking
- CVE-2018-5729
- CVE-2018-5730
-- Eduardo Barretto <email address hidden> Fri, 11 Jan 2019 13:46:00 -0200

CVE-2016-3119
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through
CVE-2016-3120
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.
CVE-2017-11368
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requ
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of securi
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NUL
CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership

krb5 (1.13.2+dfsg-5ubuntu2) xenial; urgency=medium
* Fix segfault in context_handle (LP: #1648901).
- d/p/check_internal_context_on_init_context_errors.patch:
Cherry picked patch from upstream VCS.
-- Eric Desrochers <email address hidden> Mon, 16 Jan 2017 15:06:57 +0100

1648901
SPNEGO crash on mechanism failure

krb5 (1.13.2+dfsg-5ubuntu1) xenial; urgency=medium
* d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
Cherry-pick from upstream to add SPNEGO special case for
NTLMSSP+MechListMIC. LP: #1643708.
-- Steve Langasek <email address hidden> Mon, 21 Nov 2016 17:28:15 -0800

1643708
Add SPNEGO special case for NTLMSSP+MechListMIC