Your message dated Wed, 08 Jun 2011 01:54:38 +0000
with message-id <e1qu7yg-000874...@franck.debian.org>
and subject line Bug#613487: fixed in krb5 1.8.3+dfsg-4squeeze1
has caused the Debian Bug report #613487,
regarding krb5: kdc kpropd and ldap backend DoS vulnerabilities (CVE-2010-4022, 
CVE-2011-0281, CVE-2011-0282)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
613487: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613487
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: krb5
Version: 1.8.3+dfsg-4
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch

Attached patches are taken from
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-001.txt and
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-002.txt which fix
CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282. (CVE-2011-0283
only applies to krb5 1.9.x.)

Thanks!

*** /home/steve/tmp/tmpJ0rjIg
In Ubuntu, we've applied the attached patch to achieve the following:

  * SECURITY UPDATE: kpropd denial of service via invalid network input
    - src/slave/kpropd.c: don't return on kpropd child exit; applied
      inline.
    - CVE-2010-4022
    - MITKRB5-SA-2011-001
  * SECURITY UPDATE: kdc denial of service from unauthenticated remote
    attackers
    - src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h,
      src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c,
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:
      applied inline
    - CVE-2011-0281
    - CVE-2011-0282
    - MITKRB5-SA-2011-002

We thought you might be interested in doing the same. 


-- System Information:
Debian Release: squeeze/sid
  APT prefers maverick-updates
  APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 
'maverick-proposed'), (500, 'maverick')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35-24-server (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u krb5-1.8.3+dfsg/src/slave/kpropd.c krb5-1.8.3+dfsg/src/slave/kpropd.c
--- krb5-1.8.3+dfsg/src/slave/kpropd.c
+++ krb5-1.8.3+dfsg/src/slave/kpropd.c
@@ -398,11 +398,11 @@
             }
 
             close(s);
-            if (iproprole == IPROP_SLAVE)
+            if (iproprole == IPROP_SLAVE) {
                 close(finet);
-
-            if ((ret = WEXITSTATUS(status)) != 0)
-                return (ret);
+                if ((ret = WEXITSTATUS(status)) != 0)
+                    return (ret);
+            }
         }
         if (iproprole == IPROP_SLAVE)
             break;
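Review bot: `WEXITSTATUS(status)` in the new `IPROP_SLAVE` branch is read without a preceding `WIFEXITED(status)` test, and its value is only defined when the child exited normally; on common implementations a child killed by a signal reads as 0 and would be treated as a clean exit. Writing the test as `if (WIFEXITED(status) && (ret = WEXITSTATUS(status)) != 0)` and handling `WIFSIGNALED(status)` explicitly would remove that ambiguity. In the non-iprop path the child's status is now discarded silently, which is what keeps the listener alive, but a log line for abnormal child exits there would let an operator notice repeated malformed input reaching kpropd. The wait call that fills `status` and the rest of the loop are outside this hunk, so the logging call to use has to be checked against the full file.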
only in patch2:
unchanged:
--- krb5-1.8.3+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ krb5-1.8.3+dfsg/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -103,10 +103,10 @@
                         unsigned int flags, krb5_db_entry *entries,
                         int *nentries, krb5_boolean *more)
 {
-    char                        *user=NULL, *filter=NULL, **subtree=NULL;
+    char                        *user=NULL, *filter=NULL, *filtuser=NULL;
     unsigned int                tree=0, ntrees=1, princlen=0;
     krb5_error_code             tempst=0, st=0;
-    char                        **values=NULL, *cname=NULL;
+    char                        **values=NULL, **subtree=NULL, *cname=NULL;
     LDAP                        *ld=NULL;
     LDAPMessage                 *result=NULL, *ent=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -142,12 +142,18 @@
     if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
         goto cleanup;
 
-    princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
+    filtuser = ldap_filter_correct(user);
+    if (filtuser == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */
     if ((filter = malloc(princlen)) == NULL) {
         st = ENOMEM;
         goto cleanup;
     }
-    snprintf(filter, princlen, FILTER"%s))", user);
+    snprintf(filter, princlen, FILTER"%s))", filtuser);
 
     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
         goto cleanup;
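Review bot: The reason for the new `ldap_filter_correct(user)` call is not recorded next to it, and the only comment on this path still talks about closing brackets. A short comment above the call, e.g. `/* user presumably derives from the client-supplied principal; escape LDAP filter metacharacters before embedding it in the search filter */`, would stop a later cleanup from passing `user` straight to `snprintf` again. `princlen` is an `unsigned int` holding a sum of `size_t` lengths; the narrowing is harmless for realistic principal lengths, but declaring it `size_t` would settle the question. `ldap_filter_correct` is defined outside this diff, so which characters it escapes, and whether a NULL return can mean anything other than allocation failure, should be confirmed there; the body of the enclosing function also extends beyond the hunk.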
@@ -231,6 +237,9 @@
     if (user)
         free(user);
 
+    if (filtuser)
+        free(filtuser);
+
     if (cname)
         free(cname);
 
only in patch2:
unchanged:
--- krb5-1.8.3+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ krb5-1.8.3+dfsg/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -102,14 +102,18 @@
 #define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
 
 #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \
-    do {                                                                \
-        st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
-        if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
-            tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
-            if (ldap_server_handle)                                     \
-                ld = ldap_server_handle->ldap_handle;                   \
-        }                                                               \
-    }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
+    tempst = 0;                                                         \
+    st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL,     \
+                           NULL, &timelimit, LDAP_NO_LIMIT, &result);   \
+    if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+        tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle);   \
+        if (ldap_server_handle)                                         \
+            ld = ldap_server_handle->ldap_handle;                       \
+        if (tempst == 0)                                                \
+            st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0,   \
+                                   NULL, NULL, &timelimit,              \
+                                   LDAP_NO_LIMIT, &result);             \
+    }                                                                   \
                                                                         \
     if (status_check != IGNORE_STATUS) {                                \
         if (tempst != 0) {                                              \
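Review bot: After `krb5_ldap_rebind()` the local `ld` is refreshed only when `ldap_server_handle` is non-NULL, yet the retry is gated on `tempst == 0` alone, so a NULL handle with a zero status would retry on the old `ld`, which the rebind path (see the `ldap_unbind_ext_s` call added in kdb_ldap_conn.c) has already released. Gating the retry as `if (tempst == 0 && ldap_server_handle != NULL)` closes that gap; whether rebind can actually return 0 with a NULL handle cannot be seen from here. The macro now expands to several bare statements starting with `tempst = 0;`, so it is only safe as a full statement inside braces, and a one-line comment saying so, and that the search is retried at most once, would help the next reader. If the first `ldap_search_ext_s` can return a non-NULL `result` together with an access error, the retry overwrites it without `ldap_msgfree`, which is worth confirming. The rest of the macro body lies outside the hunk.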
only in patch2:
unchanged:
--- krb5-1.8.3+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ krb5-1.8.3+dfsg/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -302,6 +302,7 @@
 {
     krb5_ldap_server_handle     *handle = *ldap_server_handle;
 
+    ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
     if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
         || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
         return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
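Review bot: The added `ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);` is called unconditionally and leaves `handle->ldap_handle` holding the released pointer until `ldap_initialize` overwrites it. Guarding the call and clearing the field, `if (handle->ldap_handle != NULL) { ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); handle->ldap_handle = NULL; }`, avoids handing NULL to the LDAP library and avoids a stale pointer if `ldap_initialize` fails without writing to its output. When `ldap_initialize` succeeds but `krb5_ldap_bind` fails, the freshly created handle appears to stay in `handle` while the function moves on to the pool; whether the pool code releases it is outside this hunk and should be confirmed. The signature and the remainder of `krb5_ldap_rebind` are not visible here.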
only in patch2:
unchanged:
--- krb5-1.8.3+dfsg.orig/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ krb5-1.8.3+dfsg/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -446,12 +446,11 @@
      * portion, then the first portion of the principal name SHOULD be
      * "krbtgt".  All this check is done in the immediate block.
      */
-    if (searchfor->length == 2)
-        if ((strncasecmp(searchfor->data[0].data, "krbtgt",
-                         FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
-            (strncasecmp(searchfor->data[1].data, defrealm,
-                         FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
+    if (searchfor->length == 2) {
+        if (data_eq_string(searchfor->data[0], "krbtgt") &&
+            data_eq_string(searchfor->data[1], defrealm))
             return 0;
+    }
 
     /* first check the length, if they are not equal, then they are not same */
     if (strlen(defrealm) != searchfor->realm.length)
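Review bot: Switching from `strncasecmp` to `data_eq_string` probably changes the krbtgt/realm test from case-insensitive to exact matching, and nothing in the hunk says that is intended. `data_eq_string` is defined outside this diff, so this should be confirmed there and recorded in the block comment, e.g. `/* krb5_data components are length-counted, not NUL-terminated; compare by length and bytes (case-sensitive). */`. `defrealmlen` loses the one use visible in this hunk; if it has no other reader it will draw an unused-variable warning and can be dropped. The enclosing function starts and ends outside the hunk.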
only in patch2:
unchanged:
--- krb5-1.8.3+dfsg.orig/debian/patches/krb5-2011-001-patch
+++ krb5-1.8.3+dfsg/debian/patches/krb5-2011-001-patch
@@ -0,0 +1,31 @@
+Subject: kpropd denial of service
+Origin: upstream, http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-001.txt
+
+The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to
+a denial-of-service attack triggered by invalid network input.  If a
+kpropd worker process receives invalid input that causes it to exit
+with an abnormal status, it can cause the termination of the listening
+process that spawned it, preventing the slave KDC it was running on
+from receiving database updates from the master KDC.
+
+CVE-2010-4022
+
+diff -up krb5/src/slave/kpropd.c krb5/src/slave/kpropd.c
+--- krb5/src/slave/kpropd.c	2010-12-17 11:14:26.000000000 -0500
++++ krb5/src/slave/kpropd.c	2010-12-17 11:41:19.000000000 -0500
+@@ -404,11 +404,11 @@ retry:
+             }
+ 
+             close(s);
+-            if (iproprole == IPROP_SLAVE)
++            if (iproprole == IPROP_SLAVE) {
+                 close(finet);
+-
+-            if ((ret = WEXITSTATUS(status)) != 0)
+-                return (ret);
++                if ((ret = WEXITSTATUS(status)) != 0)
++                    return (ret);
++            }
+         }
+         if (iproprole == IPROP_SLAVE)
+             break;
only in patch2:
unchanged:
--- krb5-1.8.3+dfsg.orig/debian/patches/krb5-2011-002-r18-patch
+++ krb5-1.8.3+dfsg/debian/patches/krb5-2011-002-r18-patch
@@ -0,0 +1,127 @@
+Subject: krb5 Key Distribution Center (KDC) daemon DoS
+Origin: upstream, http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-002.txt
+
+The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to
+denial of service attacks from unauthenticated remote attackers.
+CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back
+ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.
+
+Exploit code is not known to exist, but the vulnerabilities are easy
+to trigger manually.  The trigger for CVE-2011-0281 has already been
+disclosed publicly, but that fact might not be obvious to casual
+readers of the message in which it was disclosed.  The triggers for
+CVE-2011-0282 and CVE-2011-0283 have not yet been disclosed publicly,
+but they are also trivial.
+
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+index 1ca09b4..60caf3d 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+@@ -102,14 +102,18 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
+ #define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
+ 
+ #define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \
+-    do {                                                                \
+-        st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
+-        if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+-            tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
+-            if (ldap_server_handle)                                     \
+-                ld = ldap_server_handle->ldap_handle;                   \
+-        }                                                               \
+-    }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
++    tempst = 0;                                                         \
++    st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL,     \
++                           NULL, &timelimit, LDAP_NO_LIMIT, &result);   \
++    if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
++        tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle);   \
++        if (ldap_server_handle)                                         \
++            ld = ldap_server_handle->ldap_handle;                       \
++        if (tempst == 0)                                                \
++            st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0,   \
++                                   NULL, NULL, &timelimit,              \
++                                   LDAP_NO_LIMIT, &result);             \
++    }                                                                   \
+                                                                         \
+     if (status_check != IGNORE_STATUS) {                                \
+         if (tempst != 0) {                                              \
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+index 82b0333..84e80ee 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+@@ -302,6 +302,7 @@ krb5_ldap_rebind(krb5_ldap_context *ldap_context,
+ {
+     krb5_ldap_server_handle     *handle = *ldap_server_handle;
+ 
++    ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
+     if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
+         || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
+         return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+index f549e23..b70940f 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+@@ -446,12 +446,11 @@ is_principal_in_realm(krb5_ldap_context *ldap_context,
+      * portion, then the first portion of the principal name SHOULD be
+      * "krbtgt".  All this check is done in the immediate block.
+      */
+-    if (searchfor->length == 2)
+-        if ((strncasecmp(searchfor->data[0].data, "krbtgt",
+-                         FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
+-            (strncasecmp(searchfor->data[1].data, defrealm,
+-                         FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
++    if (searchfor->length == 2) {
++        if (data_eq_string(searchfor->data[0], "krbtgt") &&
++            data_eq_string(searchfor->data[1], defrealm))
+             return 0;
++    }
+ 
+     /* first check the length, if they are not equal, then they are not same */
+     if (strlen(defrealm) != searchfor->realm.length)
+diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+index 7ad31da..626ed1f 100644
+--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+@@ -103,10 +103,10 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+                         unsigned int flags, krb5_db_entry *entries,
+                         int *nentries, krb5_boolean *more)
+ {
+-    char                        *user=NULL, *filter=NULL, **subtree=NULL;
++    char                        *user=NULL, *filter=NULL, *filtuser=NULL;
+     unsigned int                tree=0, ntrees=1, princlen=0;
+     krb5_error_code             tempst=0, st=0;
+-    char                        **values=NULL, *cname=NULL;
++    char                        **values=NULL, **subtree=NULL, *cname=NULL;
+     LDAP                        *ld=NULL;
+     LDAPMessage                 *result=NULL, *ent=NULL;
+     krb5_ldap_context           *ldap_context=NULL;
+@@ -142,12 +142,18 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+     if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
+         goto cleanup;
+ 
+-    princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
++    filtuser = ldap_filter_correct(user);
++    if (filtuser == NULL) {
++        st = ENOMEM;
++        goto cleanup;
++    }
++
++    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */
+     if ((filter = malloc(princlen)) == NULL) {
+         st = ENOMEM;
+         goto cleanup;
+     }
+-    snprintf(filter, princlen, FILTER"%s))", user);
++    snprintf(filter, princlen, FILTER"%s))", filtuser);
+ 
+     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
+         goto cleanup;
+@@ -231,6 +237,9 @@ cleanup:
+     if (user)
+         free(user);
+ 
++    if (filtuser)
++        free(filtuser);
++
+     if (cname)
+         free(cname);
+ 

--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.8.3+dfsg-4squeeze1

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive:

krb5-admin-server_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/krb5-admin-server_1.8.3+dfsg-4squeeze1_amd64.deb
krb5-doc_1.8.3+dfsg-4squeeze1_all.deb
  to main/k/krb5/krb5-doc_1.8.3+dfsg-4squeeze1_all.deb
krb5-kdc-ldap_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/krb5-kdc-ldap_1.8.3+dfsg-4squeeze1_amd64.deb
krb5-kdc_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/krb5-kdc_1.8.3+dfsg-4squeeze1_amd64.deb
krb5-multidev_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/krb5-multidev_1.8.3+dfsg-4squeeze1_amd64.deb
krb5-pkinit_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/krb5-pkinit_1.8.3+dfsg-4squeeze1_amd64.deb
krb5-user_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/krb5-user_1.8.3+dfsg-4squeeze1_amd64.deb
krb5_1.8.3+dfsg-4squeeze1.diff.gz
  to main/k/krb5/krb5_1.8.3+dfsg-4squeeze1.diff.gz
krb5_1.8.3+dfsg-4squeeze1.dsc
  to main/k/krb5/krb5_1.8.3+dfsg-4squeeze1.dsc
libgssapi-krb5-2_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libgssapi-krb5-2_1.8.3+dfsg-4squeeze1_amd64.deb
libgssrpc4_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libgssrpc4_1.8.3+dfsg-4squeeze1_amd64.deb
libk5crypto3_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libk5crypto3_1.8.3+dfsg-4squeeze1_amd64.deb
libkadm5clnt-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libkadm5clnt-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
libkadm5srv-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libkadm5srv-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
libkdb5-4_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libkdb5-4_1.8.3+dfsg-4squeeze1_amd64.deb
libkrb5-3_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libkrb5-3_1.8.3+dfsg-4squeeze1_amd64.deb
libkrb5-dbg_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libkrb5-dbg_1.8.3+dfsg-4squeeze1_amd64.deb
libkrb5-dev_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libkrb5-dev_1.8.3+dfsg-4squeeze1_amd64.deb
libkrb53_1.8.3+dfsg-4squeeze1_all.deb
  to main/k/krb5/libkrb53_1.8.3+dfsg-4squeeze1_all.deb
libkrb5support0_1.8.3+dfsg-4squeeze1_amd64.deb
  to main/k/krb5/libkrb5support0_1.8.3+dfsg-4squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 613...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 02 Jun 2011 13:14:03 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev 
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 
libkrb5support0 libkrb53
Architecture: source all amd64
Version: 1.8.3+dfsg-4squeeze1
Distribution: stable
Urgency: low
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb53   - transitional package for MIT Kerberos libraries
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 584282 611906 613487 616429 616728 618517 622681
Changes: 
 krb5 (1.8.3+dfsg-4squeeze1) stable; urgency=low
 .
   * Fix double free with pkinit on KDC, CVE-2011-0284, Closes: #618517
   * Updated Danish debconf translations, thanks  Joe Dalton, Closes:
     #584282
   * KDC/LDAP DOS    (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282,
     Closes: #613487
   * Fix delegation of credentials against Windows servers; significant
     interoperability issue, Closes: #611906
   * Set nt-srv-inst on TGS names to work against W2K8R2 KDCs, Closes:
     #616429
   * Don't fail authentication when PAC verification fails; support hmac-
     md5 checksums even for non-RC4 keys, Closes: #616728
   * Port fix to upstream ticket 6899: fix invalid free in kadmind change
     password case, Closes: #622681
Checksums-Sha1: 
 e365edbf5074a9ed77528bf9aade4a578207426b 1610 krb5_1.8.3+dfsg-4squeeze1.dsc
 b2b9bc3225d687180bf2bf208894380cba43740e 105919 
krb5_1.8.3+dfsg-4squeeze1.diff.gz
 8e1403ed2baa677989a67245e73fe047038e3dd9 2253356 
krb5-doc_1.8.3+dfsg-4squeeze1_all.deb
 c78dcadcb98ca098c3cc34e00124a17ed79906bb 1373520 
libkrb53_1.8.3+dfsg-4squeeze1_all.deb
 85c3079d77351cad4a882721f9a4d8de5db00b76 139100 
krb5-user_1.8.3+dfsg-4squeeze1_amd64.deb
 e591007dae060dd83629f778566964d07f758dc9 220522 
krb5-kdc_1.8.3+dfsg-4squeeze1_amd64.deb
 f0896b03ee679836b53fd6698028e704e90f8a2c 118352 
krb5-kdc-ldap_1.8.3+dfsg-4squeeze1_amd64.deb
 f72a4a3868aa95c5212e502e361d2ed7e483a55e 114526 
krb5-admin-server_1.8.3+dfsg-4squeeze1_amd64.deb
 9f31d52b81a318949533b63619c717b0345ddda4 103340 
krb5-multidev_1.8.3+dfsg-4squeeze1_amd64.deb
 16d904d6ff8c251a37f876e55efa5b6a1db6be48 37328 
libkrb5-dev_1.8.3+dfsg-4squeeze1_amd64.deb
 b4705aa6dd50d79a5bf09c55c485b40aeb4f4d03 1629346 
libkrb5-dbg_1.8.3+dfsg-4squeeze1_amd64.deb
 e9dd8001f67b7aff8c636343a768bda831180d4e 78164 
krb5-pkinit_1.8.3+dfsg-4squeeze1_amd64.deb
 dae18c9ec215244325e5d14f481c51a553b4aa88 375018 
libkrb5-3_1.8.3+dfsg-4squeeze1_amd64.deb
 543b742bf318ddd0cb19e5430c1d0f8c793c9759 130600 
libgssapi-krb5-2_1.8.3+dfsg-4squeeze1_amd64.deb
 7c42ffc9038fe998996a0285ad66d5fabcfda097 84016 
libgssrpc4_1.8.3+dfsg-4squeeze1_amd64.deb
 3edc3ebf11e5b268cb1189b9cdb9dd385a50e719 78568 
libkadm5srv-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
 9369b5921d3013ff2fb3147b7357281922399e7e 64094 
libkadm5clnt-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
 833545785266e85abf52916c519005f38c555c8d 106066 
libk5crypto3_1.8.3+dfsg-4squeeze1_amd64.deb
 54ceac7a672753b55fee3a8c896d1d0d66d5a526 63570 
libkdb5-4_1.8.3+dfsg-4squeeze1_amd64.deb
 328bfb823dae9ee5b6c34f2e34d5491a47fffe73 45810 
libkrb5support0_1.8.3+dfsg-4squeeze1_amd64.deb
Checksums-Sha256: 
 cf491b4ffdd52f299298f79a7e296656f7a65eacd497f26609caabe06c58ad26 1610 
krb5_1.8.3+dfsg-4squeeze1.dsc
 3278d5ded7dfa5a4241952303bece47daca68bb7c0316d3208d0cc8902d4131f 105919 
krb5_1.8.3+dfsg-4squeeze1.diff.gz
 94fb3d1f70c871d77f124b49df3df9e4f3e3d1a23d58397b71efcb1051dad3a3 2253356 
krb5-doc_1.8.3+dfsg-4squeeze1_all.deb
 2b11a858255cc66f5d34d7b324ad2cbbe2be2ee6d83b6aa2be7af87bbde28a67 1373520 
libkrb53_1.8.3+dfsg-4squeeze1_all.deb
 f50b915a0114906c8e0cee9164885e34fe84c6be22aade1f1f5800dbe905198a 139100 
krb5-user_1.8.3+dfsg-4squeeze1_amd64.deb
 869a6d04124095c94d19ea99dd5e7bbdb5399ade2a534ac881853c2e0bd157f5 220522 
krb5-kdc_1.8.3+dfsg-4squeeze1_amd64.deb
 af705977cf71ddefd12aa5d2bb4b1223affd6c239109b6147885bed5d884420d 118352 
krb5-kdc-ldap_1.8.3+dfsg-4squeeze1_amd64.deb
 7f8e378cbcd48973d3520b18d1def8dbf0329499a54dfc1504b8ae63d2f2fea4 114526 
krb5-admin-server_1.8.3+dfsg-4squeeze1_amd64.deb
 8f6ea2aab9d82b5b644f0292f671ef3d37a8085ac91171b0ec0531bc4294e065 103340 
krb5-multidev_1.8.3+dfsg-4squeeze1_amd64.deb
 4bfe70488aae25186cb960b1ea9676c24ccf9c618a7fa2d75af00cc7b3bdc12c 37328 
libkrb5-dev_1.8.3+dfsg-4squeeze1_amd64.deb
 2c593aa9177933533d4c91539556a5eccf8c5d0d3bdaa559f3e911a463ae3563 1629346 
libkrb5-dbg_1.8.3+dfsg-4squeeze1_amd64.deb
 b41948b59a8f8c5acf0cd4c7d253c67fa073d4864bee82da61edf2977ec833ff 78164 
krb5-pkinit_1.8.3+dfsg-4squeeze1_amd64.deb
 f672866b2d9c1a6922236116a808600ac4b82543fb0379cc799311b8d3a6cc0f 375018 
libkrb5-3_1.8.3+dfsg-4squeeze1_amd64.deb
 b5e4d2e33d84f718050a024bdd06b59df2297824b79e5c05052065a9524912a8 130600 
libgssapi-krb5-2_1.8.3+dfsg-4squeeze1_amd64.deb
 67b66784852744578477724edea8e924e8faae81f2111777753fa6578870cf87 84016 
libgssrpc4_1.8.3+dfsg-4squeeze1_amd64.deb
 48d2406537b1d6027cc1fd9580c4ad384c51ea436fb5678516d6ee68ffa9927b 78568 
libkadm5srv-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
 5050abac0958afae13fc5d300512b0d684f9b5895e292f39e4a87ac3320cb12e 64094 
libkadm5clnt-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
 d5410484c7d7984e3c8a34af3d80beb95d01e366589df676cce25eb97d965003 106066 
libk5crypto3_1.8.3+dfsg-4squeeze1_amd64.deb
 df42dd9f6a02cd5d5dfbb8d233af1b1e2a7d7d03a00ed49f4eb347b31f42d4b2 63570 
libkdb5-4_1.8.3+dfsg-4squeeze1_amd64.deb
 4e98655e36d6bfa1768e5f85e0632fc9e9f714ca0c6d65311b579150fcddd34e 45810 
libkrb5support0_1.8.3+dfsg-4squeeze1_amd64.deb
Files: 
 3c431c531b8426f1d48ad8f419209f57 1610 net standard 
krb5_1.8.3+dfsg-4squeeze1.dsc
 a2019a80103362ddd8044f42d9b8f3bf 105919 net standard 
krb5_1.8.3+dfsg-4squeeze1.diff.gz
 b0137d5452c726271dbd306f72fd2130 2253356 doc optional 
krb5-doc_1.8.3+dfsg-4squeeze1_all.deb
 69af33c86f32004ca9dc4d0f7f19c5bc 1373520 oldlibs extra 
libkrb53_1.8.3+dfsg-4squeeze1_all.deb
 604c112e735ce804494821b759e32e23 139100 net optional 
krb5-user_1.8.3+dfsg-4squeeze1_amd64.deb
 eb447f3979c7704f8f24e0f67acdf6a9 220522 net optional 
krb5-kdc_1.8.3+dfsg-4squeeze1_amd64.deb
 fb39a30a60465c8edf281665c1ba326d 118352 net extra 
krb5-kdc-ldap_1.8.3+dfsg-4squeeze1_amd64.deb
 cd51b343d0c5855208564bab19591e6d 114526 net optional 
krb5-admin-server_1.8.3+dfsg-4squeeze1_amd64.deb
 ce0e187d8aed0f9e7750fb68778d972f 103340 libdevel optional 
krb5-multidev_1.8.3+dfsg-4squeeze1_amd64.deb
 27dd07656be90d57062121c5f734bd93 37328 libdevel extra 
libkrb5-dev_1.8.3+dfsg-4squeeze1_amd64.deb
 4cfeabf8ff952b07733caa8585919546 1629346 debug extra 
libkrb5-dbg_1.8.3+dfsg-4squeeze1_amd64.deb
 41c74ae3e7eca73e62ecf17dd7226aab 78164 net extra 
krb5-pkinit_1.8.3+dfsg-4squeeze1_amd64.deb
 6a7c2b8db72b3032c58410a685642d8e 375018 libs standard 
libkrb5-3_1.8.3+dfsg-4squeeze1_amd64.deb
 77a2fab35ab1bf717b267818331e0f8c 130600 libs standard 
libgssapi-krb5-2_1.8.3+dfsg-4squeeze1_amd64.deb
 7625d2f7fe3cfb3379404fb1f7a91ebb 84016 libs standard 
libgssrpc4_1.8.3+dfsg-4squeeze1_amd64.deb
 b47cd3b359404b81ff6598b4772eff23 78568 libs standard 
libkadm5srv-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
 471bb350eb5c54b26fa81a55f5c3eb3f 64094 libs standard 
libkadm5clnt-mit7_1.8.3+dfsg-4squeeze1_amd64.deb
 1c1e3be738a4c36fc00966fc2645eebb 106066 libs standard 
libk5crypto3_1.8.3+dfsg-4squeeze1_amd64.deb
 70a8bbeeedc04351c4fcf23ddd08e13b 63570 libs standard 
libkdb5-4_1.8.3+dfsg-4squeeze1_amd64.deb
 f07a690fa90966096f163cff34f8992e 45810 libs standard 
libkrb5support0_1.8.3+dfsg-4squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk3nzikACgkQ/I12czyGJg/ZaQCfakbKebrYpsv64ThAfNe659X3
V00AoM+FqyZYJZcPYEgZ6uNfZE8q0KM3
=AuUz
-----END PGP SIGNATURE-----



--- End Message ---
