diff -Nru krb5-1.19.2/debian/changelog krb5-1.19.2/debian/changelog --- krb5-1.19.2/debian/changelog 2023-01-20 11:34:37.000000000 +0000 +++ krb5-1.19.2/debian/changelog 2023-10-24 16:59:06.000000000 +0000 @@ -1,3 +1,19 @@ +krb5 (1.19.2-2ubuntu0.3) jammy-security; urgency=medium + + * SECURITY UPDATE: freeing of uninitialized memory + - debian/patches/CVE-2023-36054.patch: ensure array count consistency in + kadm5 RPC. + - CVE-2023-36054 + + -- Camila Camargo de Matos Tue, 24 Oct 2023 13:59:06 -0300 + +krb5 (1.19.2-2ubuntu0.2) jammy; urgency=medium + + * d/kdc.conf: Do not specify master key type to avoid weak crypto for + new realms. Existing realms will not be changed. (LP: #1981697) + + -- Andreas Hasenack Thu, 06 Apr 2023 19:21:06 -0300 + krb5 (1.19.2-2ubuntu0.1) jammy-security; urgency=medium * SECURITY UPDATE: Integer overflow diff -Nru krb5-1.19.2/debian/kdc.conf krb5-1.19.2/debian/kdc.conf --- krb5-1.19.2/debian/kdc.conf 2021-12-14 17:27:28.000000000 +0000 +++ krb5-1.19.2/debian/kdc.conf 2023-04-06 22:19:20.000000000 +0000 @@ -10,7 +10,7 @@ kdc_ports = 750,88 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s - master_key_type = des3-hmac-sha1 + #master_key_type = aes256-cts #supported_enctypes = aes256-cts:normal aes128-cts:normal default_principal_flags = +preauth } diff -Nru krb5-1.19.2/debian/patches/CVE-2023-36054.patch krb5-1.19.2/debian/patches/CVE-2023-36054.patch --- krb5-1.19.2/debian/patches/CVE-2023-36054.patch 1970-01-01 00:00:00.000000000 +0000 +++ krb5-1.19.2/debian/patches/CVE-2023-36054.patch 2023-10-24 16:13:14.000000000 +0000 
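Review bot: The replacement line `#master_key_type = aes256-cts` records a suggested value but not that leaving the key unset is deliberate, which is the whole point of the change (the changelog entry for LP: #1981697 says the aim is to avoid weak crypto for new realms while leaving existing realms alone). A reader of the shipped kdc.conf could reasonably uncomment the old `des3-hmac-sha1` line from an older copy or assume aes256-cts is what they get; what the KDC actually uses with the key absent is the library's compiled-in default, which this diff does not show. I would add a comment above the line, `# master_key_type is intentionally unset so the library default is used; des3-hmac-sha1 is deprecated and must not be reintroduced here.` Presumably only newly created realms are affected, since an existing realm keeps the master key type it was created with, as the changelog states.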
@@ -0,0 +1,62 @@ +From ef08b09c9459551aabbe7924fb176f1583053cdd Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Wed, 21 Jun 2023 10:57:39 -0400 +Subject: [PATCH] Ensure array count consistency in kadm5 RPC + +In _xdr_kadm5_principal_ent_rec(), ensure that n_key_data matches the +key_data array count when decoding. Otherwise when the structure is +later freed, xdr_array() could iterate over the wrong number of +elements, either leaking some memory or freeing uninitialized +pointers. Reported by Robert Morris. + +CVE-2023-36054: + +An authenticated attacker can cause a kadmind process to crash by +freeing uninitialized pointers. Remote code execution is unlikely. +An attacker with control of a kadmin server can cause a kadmin client +to crash by freeing uninitialized pointers. + +ticket: 9099 (new) +tags: pullup +target_version: 1.21-next +target_version: 1.20-next +--- + src/lib/kadm5/kadm_rpc_xdr.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c +index 0411c3fd3f4..287cae750f9 100644 +--- a/src/lib/kadm5/kadm_rpc_xdr.c ++++ b/src/lib/kadm5/kadm_rpc_xdr.c +@@ -390,6 +390,7 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + int v) + { + unsigned int n; ++ bool_t r; + + if (!xdr_krb5_principal(xdrs, &objp->principal)) { + return (FALSE); +@@ -443,6 +444,9 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) { + return (FALSE); + } ++ if (xdrs->x_op == XDR_DECODE && objp->n_key_data < 0) { ++ return (FALSE); ++ } + if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) { + return (FALSE); + } +@@ -451,9 +455,10 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + return FALSE; + } + n = objp->n_key_data; +- if (!xdr_array(xdrs, (caddr_t *) &objp->key_data, +- &n, ~0, sizeof(krb5_key_data), +- xdr_krb5_key_data_nocontents)) { ++ r = xdr_array(xdrs, (caddr_t *) 
&objp->key_data, &n, objp->n_key_data, ++ sizeof(krb5_key_data), xdr_krb5_key_data_nocontents); ++ objp->n_key_data = n; ++ if (!r) { + return (FALSE); + } + diff -Nru krb5-1.19.2/debian/patches/series krb5-1.19.2/debian/patches/series --- krb5-1.19.2/debian/patches/series 2023-01-20 11:33:57.000000000 +0000 +++ krb5-1.19.2/debian/patches/series 2023-10-24 16:13:14.000000000 +0000 @@ -10,3 +10,4 @@ 0011-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch 0011-Fix-softpkcs11-build-issues-with-openssl-3.0.patch CVE-2022-42898.patch +CVE-2023-36054.patch
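Review bot: The line `objp->n_key_data = n;` runs before the `if (!r)` check and silently narrows an `unsigned int` into the `krb5_int16` field, with nothing in the hunk saying why either is safe or intended. The ordering is the actual fix: on a partial decode failure it leaves n_key_data equal to the count xdr_array worked with, so a later XDR_FREE pass walks exactly the elements that were allocated rather than the raw wire value, and the narrowing cannot truncate because the new `objp->n_key_data < 0` guard plus passing `objp->n_key_data` as xdr_array's maxsize bound n to at most INT16_MAX on decode (assuming xdr_array rejects counts above maxsize, which is its contract). I would add above the assignment: `/* Record the count xdr_array actually processed, even on failure, so a later XDR_FREE walks exactly the elements that were allocated; n <= n_key_data <= INT16_MAX here, so the narrowing is safe. */`. Note the negative-count check applies only under XDR_DECODE; for XDR_FREE a negative n_key_data arriving from some other source would still convert to a huge unsigned n, though nothing in this diff produces one. `_xdr_kadm5_principal_ent_rec` starts before and ends after this hunk.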