krb5 (1.19.2-2ubuntu0.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Use of weak cryptographic hash.
    - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.
      Disallow usage of des3 and rc4 unless allowed in the config. Replace
      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
      of deprecated enctypes in ./src/kdc/kdc_util.c.
    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
    - CVE-2025-3576

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 15 May 2025 12:06:20 +0200

krb5 (1.19.2-2ubuntu0.6) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service via two memory leaks
    - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in
      src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.
    - CVE-2024-26458
    - CVE-2024-26461
  * SECURITY UPDATE: kadmind DoS via iprop log file
    - debian/patches/CVE-2025-24528.patch: prevent overflow when
      calculating ulog block size in src/lib/kdb/kdb_log.c.
    - CVE-2025-24528

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 25 Feb 2025 12:26:06 -0500

krb5 (1.19.2-2ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Use of MD5-based message authentication over plaintext
    communications could lead to forgery attacks.
    - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator
      by adding support for the Message-Authenticator attribute in non-EAP
      authentication methods.
    - CVE-2024-3596
  * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.

 -- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>  Mon, 27 Jan 2025 19:37:24 -0500

krb5 (1.19.2-2ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Invalid token requests
    - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS
      message token handling
    - CVE-2024-37370
    - CVE-2024-37371

 -- Bruce Cable <bruce.cable@canonical.com>  Mon, 15 Jul 2024 13:46:10 +1000

krb5 (1.19.2-2ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: freeing of uninitialized memory
    - debian/patches/CVE-2023-36054.patch: ensure array count consistency in
      kadm5 RPC.
    - CVE-2023-36054

 -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Tue, 24 Oct 2023 13:59:06 -0300

krb5 (1.19.2-2ubuntu0.2) jammy; urgency=medium

  * d/kdc.conf: Do not specify master key type to avoid weak crypto for
    new realms. Existing realms will not be changed. (LP: #1981697)

 -- Andreas Hasenack <andreas@canonical.com>  Thu, 06 Apr 2023 19:21:06 -0300

krb5 (1.19.2-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898

 -- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>  Fri, 20 Jan 2023 08:34:37 -0300

krb5 (1.19.2-2) unstable; urgency=medium

  * Standards version 4.6.0; no change
  * kpropd: run after network.target, Closes: #948820
  * krb5-kdc: Remove /var from PidFile, Closes: #982009

 -- Sam Hartman <hartmans@debian.org>  Mon, 21 Feb 2022 13:05:20 -0700

krb5 (1.19.2-1) experimental; urgency=medium

  * New Upstream version
  * Include patch to work with OpenSSL 3.0, Closes: #995152
  * Depend on tex-gyre, Closes: #997407
    
 -- Sam Hartman <hartmans@debian.org>  Wed, 27 Oct 2021 14:04:42 -0600

krb5 (1.18.3-7) unstable; urgency=medium

  * Fix KDC null dereference crash on FAST request with no server field,
    CVE-2021-37750, Closes: #992607
  * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140
  * Add javascript libraries for docs, thanks Andreas Beckmann, Closes: #988743
  * Drop build-dependency on libncurses5-dev which hasn't been needed
    since krb5-appl was removed, Closes: #981161

 -- Sam Hartman <hartmans@debian.org>  Fri, 27 Aug 2021 08:13:47 -0600

# For older changelog entries, run 'apt-get changelog krb5-locales'

Generated by dwww version 1.14 on Wed Aug 27 10:04:36 CEST 2025.