[ubuntu/xenial-updates] krb5 1.13.2+dfsg-5ubuntu2.1 (Accepted)

Ubuntu Archive Robot Mon, 14 Jan 2019 13:29:05 -0800

krb5 (1.13.2+dfsg-5ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730


Date: 2019-01-14 14:23:16.443521+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barre...@canonical.com>
Signed-By: Ubuntu Archive Robot 
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.1

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] krb5 1.13.2+dfsg-5ubuntu2.1 (Accepted)

Reply via email to