Your message dated Mon, 22 Feb 2016 19:21:51 +0000
with message-id <[email protected]>
and subject line Bug#813296: fixed in krb5 1.8.3+dfsg-4squeeze11
has caused the Debian Bug report #813296,
regarding krb5: CVE-2015-8629: xdr_nullstring() doesn't check for terminating 
null character
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
813296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: krb5
Version: 1.10.1+dfsg-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for krb5.

CVE-2015-8629[0]:
xdr_nullstring() doesn't check for terminating null character

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8629
[1] https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.8.3+dfsg-4squeeze11

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Feb 2016 18:00:24 +0100
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev 
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 
libkrb5support0 libkrb53
Architecture: source all i386
Version: 1.8.3+dfsg-4squeeze11
Distribution: squeeze-lts
Urgency: medium
Maintainer: Sam Hartman <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb53   - transitional package for MIT Kerberos libraries
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 813126 813296
Changes: 
 krb5 (1.8.3+dfsg-4squeeze11) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * patches taken from the Wheezy version
     (prepared by Salvatore Bonaccorso)
   * Verify decoded kadmin C strings [CVE-2015-8629]
     CVE-2015-8629: An authenticated attacker can cause kadmind to read
     beyond the end of allocated memory by sending a string without a
     terminating zero byte. Information leakage may be possible for an
     attacker with permission to modify the database. (Closes: #813296)
   * Fix leaks in kadmin server stubs [CVE-2015-8631]
     CVE-2015-8631: An authenticated attacker can cause kadmind to leak
     memory by supplying a null principal name in a request which uses one.
     Repeating these requests will eventually cause kadmind to exhaust all
     available memory. (Closes: #813126)


--- End Message ---
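
The changelog entry for CVE-2015-8629 above describes a decoder that accepts a string with no terminating zero byte, so later C string handling reads past the allocation. The check that closes that gap, as an added example: this is not code from krb5 or from the Debian patch. decode_cstring(), the DEC_* codes and the sample messages are hypothetical, XDR padding is left out, and rejecting embedded zero bytes is an extra strictness chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_NOT_CSTRING = -2, DEC_NOMEM = -3 };

/* Decode a counted string: 4-byte big-endian length, then that many bytes,
 * the last of which must be the terminating zero byte (XDR padding omitted).
 * On DEC_OK, *out is a malloc'd C string, or NULL when the length is 0. */
int decode_cstring(const uint8_t *wire, size_t wire_len, char **out)
{
    uint32_t size;
    char *buf;
    *out = NULL;
    if (wire_len < 4)
        return DEC_TRUNCATED;
    size = ((uint32_t)wire[0] << 24) | ((uint32_t)wire[1] << 16) |
           ((uint32_t)wire[2] << 8) | (uint32_t)wire[3];
    if (size == 0)
        return DEC_OK;                 /* length 0 encodes "no string" */
    if (size > wire_len - 4)
        return DEC_TRUNCATED;          /* declared length exceeds the message */
    if ((buf = malloc(size)) == NULL)
        return DEC_NOMEM;
    memcpy(buf, wire + 4, size);
    /* Without this check, a later strlen() or strdup() on buf reads past
     * the allocation when the sender left out the terminating zero byte. */
    if (buf[size - 1] != '\0' || memchr(buf, '\0', size - 1) != NULL) {
        free(buf);
        return DEC_NOT_CSTRING;
    }
    *out = buf;
    return DEC_OK;
}

/* Constructed sample messages, not captured traffic. */
const uint8_t MSG_GOOD[]   = { 0, 0, 0, 4, 'a', 'b', 'c', 0 };
const uint8_t MSG_NO_NUL[] = { 0, 0, 0, 4, 'a', 'b', 'c', 'd' };
const uint8_t MSG_INNER[]  = { 0, 0, 0, 4, 'a', 0, 'c', 0 };
const uint8_t MSG_SHORT[]  = { 0, 0, 0, 9, 'a', 'b', 0 };

int main(void)
{
    char *s;
    printf("good=%d\n", decode_cstring(MSG_GOOD, sizeof MSG_GOOD, &s));
    free(s);
    printf("no_nul=%d\n", decode_cstring(MSG_NO_NUL, sizeof MSG_NO_NUL, &s));
    return 0;
}
```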