krb5 1.13.2+dfsg-5ubuntu2.1 source package in Ubuntu

Changelog

krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

 -- Eduardo Barretto <email address hidden>  Fri, 11 Jan 2019 13:46:00 -0200

Upload details

Uploaded by:
Eduardo dos Santos Barretto on 2019-01-14
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2019-01-14 main net
Xenial security on 2019-01-14 main net

Downloads

File Size SHA-256 Checksum
krb5_1.13.2+dfsg.orig.tar.gz 11.3 MiB a7af3953e4ab52b17f80bdfc2fc7471b66b512b128520796e2b993554543873a
krb5_1.13.2+dfsg-5ubuntu2.1.debian.tar.xz 110.9 KiB 2536a14f7a186c9076d8fb8053be04842300ab000046b4d53c8fa8c9959f1efd
krb5_1.13.2+dfsg-5ubuntu2.1.dsc 3.4 KiB d32e3a18bd00e7446c67d28c4c70bb96ec80da9b0e9215d4d8531100e1f91952

View changes file

Binary packages built by this source

krb5-admin-server: MIT Kerberos master server (kadmind)

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

krb5-admin-server-dbgsym: debug symbols for package krb5-admin-server

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

krb5-doc: Documentation for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the installation, administrator, and user reference
 manuals for MIT Kerberos and the man pages for the MIT Kerberos
 configuration files.

krb5-gss-samples: MIT Kerberos GSS Sample applications

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains bgss-sample and gss-server, programs used to
 test GSS-API mechanisms. These programs are most commonly used in
 testing newly developed GSS-API mechanisms or in testing events
 between Kerberos or GSS implementations.

krb5-gss-samples-dbgsym: debug symbols for package krb5-gss-samples

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains bgss-sample and gss-server, programs used to
 test GSS-API mechanisms. These programs are most commonly used in
 testing newly developed GSS-API mechanisms or in testing events
 between Kerberos or GSS implementations.

krb5-k5tls: TLS plugin for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the TLS functionality used by optional
 functionality in MIT Kerberos. The only current consumer is client support
 for the MS-KKDCP protocol, which tunnels Kerberos protocol traffic through
 an HTTPS proxy.

krb5-k5tls-dbgsym: debug symbols for package krb5-k5tls

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the TLS functionality used by optional
 functionality in MIT Kerberos. The only current consumer is client support
 for the MS-KKDCP protocol, which tunnels Kerberos protocol traffic through
 an HTTPS proxy.

krb5-kdc: MIT Kerberos key server (KDC)

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

krb5-kdc-dbgsym: debug symbols for package krb5-kdc

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

krb5-kdc-ldap: MIT Kerberos key server (KDC) LDAP plugin

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the LDAP plugin for the Kerberos key server (KDC)
 and supporting utilities. This plugin allows the KDC data to be stored
 in an LDAP server rather than the default local database. It should be
 installed on both master and slave KDCs that use LDAP as a storage
 backend.

krb5-kdc-ldap-dbgsym: debug symbols for package krb5-kdc-ldap

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the LDAP plugin for the Kerberos key server (KDC)
 and supporting utilities. This plugin allows the KDC data to be stored
 in an LDAP server rather than the default local database. It should be
 installed on both master and slave KDCs that use LDAP as a storage
 backend.

krb5-locales: Internationalization support for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains internationalized messages for MIT Kerberos.

krb5-multidev: Development files for MIT Kerberos without Heimdal conflict

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 Most users wishing to build applications against MIT Kerberos should
 install libkrb5-dev. However, that package conflicts with heimdal-dev.
 This package installs libraries and headers in /usr/include/mit-krb5 and
 /usr/lib/mit-krb5 and can be installed along side heimdal-multidev, which
 provides the same facilities for Heimdal.

krb5-multidev-dbgsym: debug symbols for package krb5-multidev

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 Most users wishing to build applications against MIT Kerberos should
 install libkrb5-dev. However, that package conflicts with heimdal-dev.
 This package installs libraries and headers in /usr/include/mit-krb5 and
 /usr/lib/mit-krb5 and can be installed along side heimdal-multidev, which
 provides the same facilities for Heimdal.

krb5-otp: OTP plugin for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the OTP preauthentication method
 (RFC 6560), which allows Kerberos tickets to be obtained using
 One-Time Password authentication. This plugin is for use on the KDC; the
 client support is built in to libkrb5.

krb5-otp-dbgsym: debug symbols for package krb5-otp

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the OTP preauthentication method
 (RFC 6560), which allows Kerberos tickets to be obtained using
 One-Time Password authentication. This plugin is for use on the KDC; the
 client support is built in to libkrb5.

krb5-pkinit: PKINIT plugin for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the PKINIT protocol, which allows
 Kerberos tickets to be obtained using public-key credentials such as
 X.509 certificates or a smart card. This plugin can be used by the
 client libraries and the KDC.

krb5-pkinit-dbgsym: debug symbols for package krb5-pkinit

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains a plugin for the PKINIT protocol, which allows
 Kerberos tickets to be obtained using public-key credentials such as
 X.509 certificates or a smart card. This plugin can be used by the
 client libraries and the KDC.

krb5-user: Basic programs to authenticate using MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

krb5-user-dbgsym: debug symbols for package krb5-user

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

libgssapi-krb5-2: MIT Kerberos runtime libraries - krb5 GSS-API Mechanism

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the MIT Kerberos
 implementation of GSS-API used by applications and Kerberos clients.

libgssapi-krb5-2-dbgsym: debug symbols for package libgssapi-krb5-2

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the MIT Kerberos
 implementation of GSS-API used by applications and Kerberos clients.

libgssrpc4: MIT Kerberos runtime libraries - GSS enabled ONCRPC

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an RPC library used by the Kerberos administrative
 programs and potentially other applications.

libgssrpc4-dbgsym: debug symbols for package libgssrpc4

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an RPC library used by the Kerberos administrative
 programs and potentially other applications.

libk5crypto3: MIT Kerberos runtime libraries - Crypto Library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime cryptography libraries used by
 applications and Kerberos clients.

libk5crypto3-dbgsym: debug symbols for package libk5crypto3

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime cryptography libraries used by
 applications and Kerberos clients.

libkadm5clnt-mit9: MIT Kerberos runtime libraries - Administration Clients

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by clients of the Kerberos
 administration protocol.

libkadm5clnt-mit9-dbgsym: debug symbols for package libkadm5clnt-mit9

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by clients of the Kerberos
 administration protocol.

libkadm5srv-mit9: MIT Kerberos runtime libraries - KDC and Admin Server

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by Kerberos administrative
 servers.

libkadm5srv-mit9-dbgsym: debug symbols for package libkadm5srv-mit9

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library used by Kerberos administrative
 servers.

libkdb5-8: MIT Kerberos runtime libraries - Kerberos database

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal Kerberos database libraries.

libkdb5-8-dbgsym: debug symbols for package libkdb5-8

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal Kerberos database libraries.

libkrad-dev: MIT Kerberos RADIUS Library Development

 This package includes development headers for libkrad0, the MIT
 Kerberos RADIUS library. You should not use this RADIUS library in
 packages unrelated to MIT Kerberos.

libkrad-dev-dbgsym: debug symbols for package libkrad-dev

 This package includes development headers for libkrad0, the MIT
 Kerberos RADIUS library. You should not use this RADIUS library in
 packages unrelated to MIT Kerberos.

libkrad0: MIT Kerberos runtime libraries - RADIUS library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal support library for RADIUS functionality.

libkrad0-dbgsym: debug symbols for package libkrad0

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the internal support library for RADIUS functionality.

libkrb5-3: MIT Kerberos runtime libraries

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the main Kerberos v5 API
 used by applications and Kerberos clients.

libkrb5-3-dbgsym: debug symbols for package libkrb5-3

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the runtime library for the main Kerberos v5 API
 used by applications and Kerberos clients.

libkrb5-dbg: Debugging files for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the debugging information for the MIT Kerberos
 libraries. Install this package if you need to trace problems inside the
 MIT Kerberos libraries with a debugger.

libkrb5-dev: Headers and development libraries for MIT Kerberos

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.

libkrb5-dev-dbgsym: debug symbols for package libkrb5-dev

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.

libkrb5support0: MIT Kerberos runtime libraries - Support library

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an internal runtime support library used by other
 Kerberos libraries.

libkrb5support0-dbgsym: debug symbols for package libkrb5support0

 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the Kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos V5.
 .
 This package contains an internal runtime support library used by other
 Kerberos libraries.