krb5 1.10+dfsg~beta1-2ubuntu0.7 source package in Ubuntu

Changelog

krb5 (1.10+dfsg~beta1-2ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

 -- Marc Deslauriers <email address hidden>  Wed, 11 Nov 2015 09:16:52 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Precise updates main net
Precise security main net

Downloads

File Size SHA-256 Checksum
krb5_1.10+dfsg~beta1.orig.tar.gz 10.1 MiB a2d5367618d5a4c8ae89f7a2f7eb908494fd39ae55cd4e30e753c9a092541b3a
krb5_1.10+dfsg~beta1-2ubuntu0.7.debian.tar.gz 143.3 KiB a3cf747aa685e3aaeabe200b267aa419ecef2e84efeda0b8a38131f4854ade33
krb5_1.10+dfsg~beta1-2ubuntu0.7.dsc 3.0 KiB fc0b049cc0614baffa77030507e7dcd97e1ccb1c36614f8421303b392bc6b9e1

View changes file

Binary packages built by this source

krb5-admin-server: MIT Kerberos master server (kadmind)

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

krb5-admin-server-dbgsym: debug symbols for package krb5-admin-server

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

krb5-doc: Documentation for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the installation, administrator, and user reference
 manuals for MIT Kerberos and the man pages for the MIT Kerberos
 configuration files.

krb5-gss-samples: MIT Kerberos GSS Sample applications

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains bgss-sample and gss-server, programs used to
 test GSS-API mechanisms. These programs are most commonly used in
 testing newly developed GSS-API mechanisms or in testing events
 between Kerberos or GSS implementations.

krb5-gss-samples-dbgsym: debug symbols for package krb5-gss-samples

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains bgss-sample and gss-server, programs used to
 test GSS-API mechanisms. These programs are most commonly used in
 testing newly developed GSS-API mechanisms or in testing events
 between Kerberos or GSS implementations.

krb5-kdc: MIT Kerberos key server (KDC)

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

krb5-kdc-dbgsym: debug symbols for package krb5-kdc

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

krb5-kdc-ldap: MIT Kerberos key server (KDC) LDAP plugin

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the LDAP plugin for the Kerberos key server (KDC)
 and supporting utilities. This plugin allows the KDC data to be stored
 in an LDAP server rather than the default local database. It should be
 installed on both master and slave KDCs that use LDAP as a storage
 backend.

krb5-kdc-ldap-dbgsym: debug symbols for package krb5-kdc-ldap

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the LDAP plugin for the Kerberos key server (KDC)
 and supporting utilities. This plugin allows the KDC data to be stored
 in an LDAP server rather than the default local database. It should be
 installed on both master and slave KDCs that use LDAP as a storage
 backend.

krb5-locales: Internationalization support for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains internationalized messages for MIT Kerberos.

krb5-multidev: Development files for MIT Kerberos without Heimdal conflict

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 Most users wishing to build applications against MIT Kerberos should
 install libkrb5-dev. However, that package conflicts with heimdal-dev.
 This package installs libraries and headers in /usr/include/mit-krb5 and
 /usr/lib/mit-krb5 and can be installed along side heimdal-multidev, which
 provides the same facilities for Heimdal.

krb5-pkinit: PKINIT plugin for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the PKINIT protocol, which allows
 Kerberos tickets to be obtained using public-key credentials such as
 X.509 certificates or a smart card. This plugin can be used by the
 client libraries and the KDC.

krb5-pkinit-dbgsym: debug symbols for package krb5-pkinit

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the PKINIT protocol, which allows
 Kerberos tickets to be obtained using public-key credentials such as
 X.509 certificates or a smart card. This plugin can be used by the
 client libraries and the KDC.

krb5-user: Basic programs to authenticate using MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

krb5-user-dbgsym: debug symbols for package krb5-user

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

libgssapi-krb5-2: MIT Kerberos runtime libraries - krb5 GSS-API Mechanism

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the MIT Kerberos
 implementation of GSS-API used by applications and Kerberos clients.

libgssapi-krb5-2-dbgsym: debug symbols for package libgssapi-krb5-2

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the MIT Kerberos
 implementation of GSS-API used by applications and Kerberos clients.

libgssrpc4: MIT Kerberos runtime libraries - GSS enabled ONCRPC

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an RPC library used by the Kerberos administrative
 programs and potentially other applications.

libgssrpc4-dbgsym: debug symbols for package libgssrpc4

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an RPC library used by the Kerberos administrative
 programs and potentially other applications.

libk5crypto3: MIT Kerberos runtime libraries - Crypto Library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime cryptography libraries used by
 applications and Kerberos clients.

libk5crypto3-dbgsym: debug symbols for package libk5crypto3

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime cryptography libraries used by
 applications and Kerberos clients.

libkadm5clnt-mit8: MIT Kerberos runtime libraries - Administration Clients

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by clients of the Kerberos
 administration protocol.

libkadm5clnt-mit8-dbgsym: debug symbols for package libkadm5clnt-mit8

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by clients of the Kerberos
 administration protocol.

libkadm5srv-mit8: MIT Kerberos runtime libraries - KDC and Admin Server

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by Kerberos administrative
 servers.

libkadm5srv-mit8-dbgsym: debug symbols for package libkadm5srv-mit8

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by Kerberos administrative
 servers.

libkdb5-6: MIT Kerberos runtime libraries - Kerberos database

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal Kerberos database libraries.

libkdb5-6-dbgsym: debug symbols for package libkdb5-6

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal Kerberos database libraries.

libkrb5-3: MIT Kerberos runtime libraries

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the main Kerberos v5 API
 used by applications and Kerberos clients.

libkrb5-3-dbgsym: debug symbols for package libkrb5-3

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the main Kerberos v5 API
 used by applications and Kerberos clients.

libkrb5-dbg: Debugging files for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the debugging information for the MIT Kerberos
 libraries. Install this package if you need to trace problems inside the
 MIT Kerberos libraries with a debugger.

libkrb5-dev: Headers and development libraries for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.

libkrb53: transitional package for MIT Kerberos libraries

 This package provides transitions to allow previously installed
 packages that do not depend on krb4 libraries to continue to
 function. This package may be removed if unneeded.

libkrb5support0: MIT Kerberos runtime libraries - Support library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an internal runtime support library used by other
 Kerberos libraries.

libkrb5support0-dbgsym: debug symbols for package libkrb5support0

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an internal runtime support library used by other
 Kerberos libraries.