Ubuntu

“krb5” 1.10+dfsg~beta1-2ubuntu0.3 source package in The Precise Pangolin

Publishing history

1.10+dfsg~beta1-2ubuntu0.3
PUBLISHED: Precise pocket Updates in component main and section net
  • Published on 2012-07-31
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team
1.10+dfsg~beta1-2ubuntu0.3
PUBLISHED: Precise pocket Security in component main and section net
  • Published on 2012-07-31
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team

Builds

Changelog

krb5 (1.10+dfsg~beta1-2ubuntu0.3) precise-security; urgency=low

  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - debian/patches/MITKRB5-SA-2012-001.patch: initialize pointers both
      at allocation and assignment time
    - CVE-2012-1015, CVE-2012-1014
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - debian/patches/krb5-CVE-2012-1013.patch: check for null password
    - CVE-2012-1013
  * SECURITY UPDATE: insufficient ACL checking on get_strings/set_string
    - debian/patches/krb5-CVE-2012-1012.patch: make the access
      controls for get_strings/set_string mirror those of
      get_principal/modify_principal
    - CVE-2012-1012
 -- Steve Beattie <email address hidden>   Thu, 26 Jul 2012 14:29:35 -0700