krb5 (1.8.1+dfsg-2ubuntu0.13) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed KRB5_PADATA_PK_AS_REQ
    AS-REQ request
    - src/plugins/preauth/pkinit/pkinit_crypto_openssl.c: don't dereference
      null pointer.
    - c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
    - CVE-2013-1415
  * SECURITY UPDATE: denial of service via crafted TGS-REQ request
    - src/kdc/do_tgs_req.c: don't pass null pointer to strlcpy().
    - 8ee70ec63931d1e38567905387ab9b1d45734d81
    - CVE-2013-1416
  * SECURITY UPDATE: multi-realm denial of service via crafted request
    - src/kdc/main.c: don't dereference a null pointer.
    - c2ccf4197f697c4ff143b8a786acdd875e70a89d
    - CVE-2013-1418
    - CVE-2013-6800
  * SECURITY UPDATE: denial of service via invalid tokens
    - src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c:
      handle invalid tokens.
    - fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - src/lib/gssapi/spnego/spnego_mech.c: fix double-free.
    - f18ddf5d82de0ab7591a36e465bc24225776940f
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - src/lib/gssapi/spnego/spnego_mech.c: validate REMAIN.
    - 524688ce87a15fc75f87efc8c039ba4c7d5c197b
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in
    kadmind with LDAP backend
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: fix off-by-one
    - 81c332e29f10887c6b9deb065f81ba259f4c7e03
    - CVE-2014-4345

Date: 2014-08-08 19:17:20.570845+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/lucid/+source/krb5/1.8.1+dfsg-2ubuntu0.13
Sorry, changesfile not available.
-- 
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
