krb5 (1.19.2-2ubuntu0.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Use of weak cryptographic hash.
    - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4
      options. Disallow usage of des3 and rc4 unless allowed in the config.
      Replace warn_des3 with warn_deprecated in
      ./src/lib/krb5/krb/get_in_tkt.c. Add allow_des3 and allow_rc4 boolean
      in ./src/include/k5-int.h. Prevent usage of deprecated enctypes in
      ./src/kdc/kdc_util.c.
    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
    - CVE-2025-3576

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 15 May 2025 12:06:20 +0200

krb5 (1.19.2-2ubuntu0.6) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service via two memory leaks
    - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in
      src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.
    - CVE-2024-26458
    - CVE-2024-26461
  * SECURITY UPDATE: kadmind DoS via iprop log file
    - debian/patches/CVE-2025-24528.patch: prevent overflow when
      calculating ulog block size in src/lib/kdb/kdb_log.c.
    - CVE-2025-24528

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 25 Feb 2025 12:26:06 -0500

krb5 (1.19.2-2ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Use of MD5-based message authentication over plaintext
    communications could lead to forgery attacks.
    - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator
      by adding support for the Message-Authenticator attribute in non-EAP
      authentication methods.
    - CVE-2024-3596
  * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.

 -- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>  Mon, 27 Jan 2025 19:37:24 -0500

krb5 (1.19.2-2ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Invalid token requests
    - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS
      message token handling
    - CVE-2024-37370
    - CVE-2024-37371

 -- Bruce Cable <bruce.cable@canonical.com>  Mon, 15 Jul 2024 13:46:10 +1000

krb5 (1.19.2-2ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: freeing of uninitialized memory
    - debian/patches/CVE-2023-36054.patch: ensure array count consistency
      in kadm5 RPC.
    - CVE-2023-36054

 -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Tue, 24 Oct 2023 13:59:06 -0300

krb5 (1.19.2-2ubuntu0.2) jammy; urgency=medium

  * d/kdc.conf: Do not specify master key type to avoid weak crypto for
    new realms. Existing realms will not be changed. (LP: #1981697)

 -- Andreas Hasenack <andreas@canonical.com>  Thu, 06 Apr 2023 19:21:06 -0300

krb5 (1.19.2-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-42898.patch: add buffer length checks in
      krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for
      invalid buffers in src/lib/krb5/krb/t_pac.c.
    - CVE-2022-42898

 -- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>  Fri, 20 Jan 2023 08:34:37 -0300

krb5 (1.19.2-2) unstable; urgency=medium

  * Standards version 4.6.0; no change
  * kpropd: run after network.target, Closes: #948820
  * krb5-kdc: Remove /var from PidFile, Closes: #982009

 -- Sam Hartman <hartmans@debian.org>  Mon, 21 Feb 2022 13:05:20 -0700

krb5 (1.19.2-1) experimental; urgency=medium

  * New Upstream version
  * Include patch to work with OpenSSL 3.0, Closes: #995152
  * Depend on tex-gyre, Closes: #997407

 -- Sam Hartman <hartmans@debian.org>  Wed, 27 Oct 2021 14:04:42 -0600

krb5 (1.18.3-7) unstable; urgency=medium

  * Fix KDC null dereference crash on FAST request with no server field,
    CVE-2021-37750, Closes: #992607
  * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140
  * Add javascript libraries for docs, thanks Andreas Beckmann,
    Closes: #988743
  * Drop build-dependency on libncurses5-dev which hasn't been needed
    since krb5-appl was removed, Closes: #981161

 -- Sam Hartman <hartmans@debian.org>  Fri, 27 Aug 2021 08:13:47 -0600

# For older changelog entries, run 'apt-get changelog libkrb5support0'