Your message dated Wed, 10 Feb 2016 22:19:13 +0000
with message-id <[email protected]>
and subject line Bug#813296: fixed in krb5 1.10.1+dfsg-5+deb7u7
has caused the Debian Bug report #813296,
regarding krb5: CVE-2015-8629: xdr_nullstring() doesn't check for terminating
null character
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
813296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: krb5
Version: 1.10.1+dfsg-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for krb5.

CVE-2015-8629[0]:
xdr_nullstring() doesn't check for terminating null character

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8629
[1] https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.10.1+dfsg-5+deb7u7

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 31 Jan 2016 13:39:43 +0100
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2
libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6
libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-5+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Sam Hartman <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-gss-samples - MIT Kerberos GSS Sample applications
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-locales - Internationalization support for MIT Kerberos
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-6 - MIT Kerberos runtime libraries - Kerberos database
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 813126 813296
Changes:
 krb5 (1.10.1+dfsg-5+deb7u7) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Verify decoded kadmin C strings [CVE-2015-8629]
     CVE-2015-8629: An authenticated attacker can cause kadmind to read
     beyond the end of allocated memory by sending a string without a
     terminating zero byte. Information leakage may be possible for an
     attacker with permission to modify the database. (Closes: #813296)
   * Fix leaks in kadmin server stubs [CVE-2015-8631]
     CVE-2015-8631: An authenticated attacker can cause kadmind to leak
     memory by supplying a null principal name in a request which uses one.
     Repeating these requests will eventually cause kadmind to exhaust all
     available memory. (Closes: #813126)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
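Added example, not part of the messages above and not krb5's own code: a C sketch of the bug class the changelog describes for CVE-2015-8629, where a decoder accepts a counted string whose last byte is not zero and later code treats it as a C string. The wire format, the function names and the sample messages are assumptions made for this illustration; the rejection of embedded NUL bytes is an extra strictness of the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed wire format (simplified for this example): 4-byte big-endian
 * length, then that many bytes; the count includes the terminating NUL. */
static const uint8_t *payload(const uint8_t *buf, size_t buflen, uint32_t *len)
{
    if (buflen < 4)
        return NULL;
    *len = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
           (uint32_t)buf[2] << 8 | (uint32_t)buf[3];
    if (*len == 0 || *len > buflen - 4)
        return NULL;            /* empty or truncated message */
    return buf + 4;
}

static char *copy_bytes(const uint8_t *p, uint32_t len)
{
    char *s = malloc(len);
    if (s != NULL)
        memcpy(s, p, len);
    return s;
}

/* Unchecked decoder: trusts the sender to have included the NUL. A caller
 * that uses the result as a C string reads past the allocation otherwise. */
char *decode_unchecked(const uint8_t *buf, size_t buflen)
{
    uint32_t len;
    const uint8_t *p = payload(buf, buflen, &len);
    return p ? copy_bytes(p, len) : NULL;
}

/* Checked decoder: the last byte must be NUL. Rejecting an earlier NUL is
 * an extra strictness of this example, so strlen(result) == len - 1. */
char *decode_checked(const uint8_t *buf, size_t buflen)
{
    uint32_t len;
    const uint8_t *p = payload(buf, buflen, &len);
    if (p == NULL || p[len - 1] != '\0' || memchr(p, '\0', len - 1) != NULL)
        return NULL;
    return copy_bytes(p, len);
}

/* Constructed sample messages for the example. */
const uint8_t MSG_OK[] = {0, 0, 0, 3, 'a', 'b', 0};
const uint8_t MSG_NO_NUL[] = {0, 0, 0, 2, 'a', 'b'};
const uint8_t MSG_EMBEDDED[] = {0, 0, 0, 4, 'a', 0, 'b', 0};
```

The unchecked decoder returns a buffer for MSG_NO_NUL that has no terminator inside the allocation; the checked decoder refuses that message at decode time, before any string function sees it.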