Your message dated Wed, 05 Jun 2013 22:47:33 +0000
with message-id <e1ukmup-0006i4...@franck.debian.org>
and subject line Bug#708267: fixed in krb5 1.8.3+dfsg-4squeeze7
has caused the Debian Bug report #708267,
regarding cve-2002-2443: kpasswd udp ping-pong
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
708267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: krb5-admin-server
Version: 1.10.1+dfsg-5
Owner: ka...@mit.edu
Upstream has fixed CVE-2002-2443 in their git master, with the following
commit message:
Fix kpasswd UDP ping-pong [CVE-2002-2443]
The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
Thanks to Vincent Danen for alerting us to this issue.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.8.3+dfsg-4squeeze7
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 708...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 22 May 2013 07:33:24 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev
libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2
libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4
libkrb5support0 libkrb53
Architecture: source all amd64
Version: 1.8.3+dfsg-4squeeze7
Distribution: oldstable-security
Urgency: medium
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-4 - MIT Kerberos runtime libraries - Kerberos database
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb53 - transitional package for MIT Kerberos libraries
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 708267
Changes:
krb5 (1.8.3+dfsg-4squeeze7) oldstable-security; urgency=medium
.
* Fix "cve-2002-2443: kpasswd udp ping-pong" (Closes: #708267)
Checksums-Sha1:
9cc65c8e59a4068a8c3612dd11a0103dd34b14d6 1610 krb5_1.8.3+dfsg-4squeeze7.dsc
7197516c3a0e368fedcc737c84bec7977b911ed6 107176
krb5_1.8.3+dfsg-4squeeze7.diff.gz
6ac247cd0f720a9e5f7b899285fa3e520c7aef21 2255534
krb5-doc_1.8.3+dfsg-4squeeze7_all.deb
d4e444aab5d0cca3c7e1461e24ee279b7aa0cf97 1373874
libkrb53_1.8.3+dfsg-4squeeze7_all.deb
a468eb9e08a94f2bd15e0d5cc450913d1bf2f241 138772
krb5-user_1.8.3+dfsg-4squeeze7_amd64.deb
acef20cb3b4d3b0bf79a38254cb5927b5089e48b 219170
krb5-kdc_1.8.3+dfsg-4squeeze7_amd64.deb
50f5adab627a22aa6da23d272a36e6ada0c1f14d 118198
krb5-kdc-ldap_1.8.3+dfsg-4squeeze7_amd64.deb
c73e645550e1fb2e7be7e853ea79b2d536c5ff10 114290
krb5-admin-server_1.8.3+dfsg-4squeeze7_amd64.deb
9cc05d2be1e47735c6538855e79c7a15c4eca547 104400
krb5-multidev_1.8.3+dfsg-4squeeze7_amd64.deb
4ac1f237e2a8ab64a5f612e236c297a4ce9c2037 37710
libkrb5-dev_1.8.3+dfsg-4squeeze7_amd64.deb
7cdd6450841ef0433440cc96a8ad6c17734dbec1 1628328
libkrb5-dbg_1.8.3+dfsg-4squeeze7_amd64.deb
7db5733a65f53c7ba7e441227cc91a41977a5122 78126
krb5-pkinit_1.8.3+dfsg-4squeeze7_amd64.deb
3ce9991506e2f5756b293abbfcce1421ec03ded7 373650
libkrb5-3_1.8.3+dfsg-4squeeze7_amd64.deb
86410d02b35500bdea47ece6c2de1d39ace26b96 130530
libgssapi-krb5-2_1.8.3+dfsg-4squeeze7_amd64.deb
4504a0061e2dc0403b5fb222be25cbd713763ba8 84022
libgssrpc4_1.8.3+dfsg-4squeeze7_amd64.deb
bb43fd31b1cee86989653ee487b9730008102c9d 78742
libkadm5srv-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
1baabab8c25a2524fdeae5b66ee7e64e30762f3e 64386
libkadm5clnt-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
eb0dd925e7c302cf20d8f996ee1d365b05c7a730 106066
libk5crypto3_1.8.3+dfsg-4squeeze7_amd64.deb
374c054aba3149cdf45aa5d308ea14b97c4cbbb9 63808
libkdb5-4_1.8.3+dfsg-4squeeze7_amd64.deb
3a5f475d8dfc9f480a4e888752e6105fc09fc84c 46454
libkrb5support0_1.8.3+dfsg-4squeeze7_amd64.deb
Checksums-Sha256:
04f584260d734346bd868f31f7826480d1187f6ba69ba9a72f9ae2fd47316f3a 1610
krb5_1.8.3+dfsg-4squeeze7.dsc
1e464c6dd6ee4cf4a139f1bbb0e37e1a0178793125df36c38c6302382596af27 107176
krb5_1.8.3+dfsg-4squeeze7.diff.gz
ba70be277879a021dae7be52150b95e5688b8ee1c65c8d6aeefbeaf0932ab162 2255534
krb5-doc_1.8.3+dfsg-4squeeze7_all.deb
74c2b9ae4df07d2881e5f687e4c1973fc5aaeff219b3b0a4dbd885672be0581e 1373874
libkrb53_1.8.3+dfsg-4squeeze7_all.deb
4628dab7f1e359abe50ddf8b00964ead05017c209706a469a031c4c7c21638a4 138772
krb5-user_1.8.3+dfsg-4squeeze7_amd64.deb
b3a64fd7004c8d28b60b32af8848432d35eddb9cff8946870020d90834b44ded 219170
krb5-kdc_1.8.3+dfsg-4squeeze7_amd64.deb
0921ae67c6ef14ef12aafbef49e55c14803a083404ae38df109e38e42fd301ca 118198
krb5-kdc-ldap_1.8.3+dfsg-4squeeze7_amd64.deb
2daaf38df78979ea5d9d4410884be0aae7e1aaf87d88e5716010ee097e3c3e39 114290
krb5-admin-server_1.8.3+dfsg-4squeeze7_amd64.deb
e0fffd7f523b2005c770757f898ec0f4a025aa07e82d6025caf72747e89e4d0b 104400
krb5-multidev_1.8.3+dfsg-4squeeze7_amd64.deb
f189ed4881830c95dbf9ccda651ff104db4b453e6a035a1787212f5084522b02 37710
libkrb5-dev_1.8.3+dfsg-4squeeze7_amd64.deb
4d6ec4f05fdc0ebf63e67706c82548cebf2a5978edf1169a210f31a9f93b1e97 1628328
libkrb5-dbg_1.8.3+dfsg-4squeeze7_amd64.deb
618c816a237b0d8b654331c3aca1cffe5baabaa82f1f7c131159eb3efaaf6046 78126
krb5-pkinit_1.8.3+dfsg-4squeeze7_amd64.deb
40edefdc8a5acc971d478aef25f41496ea85434d0e280f09f6bf56c371675e34 373650
libkrb5-3_1.8.3+dfsg-4squeeze7_amd64.deb
5c4586b4481f378b87da66e2e5b709ea099115ca694c6c4a0a2bd8d9e5aaacef 130530
libgssapi-krb5-2_1.8.3+dfsg-4squeeze7_amd64.deb
e3afd4edec498c8b59ac3e7b58f1e65a9bbd550a8ba700bfe424129325eaea09 84022
libgssrpc4_1.8.3+dfsg-4squeeze7_amd64.deb
f6ae2bdb9ba3efccf743c2ebf90c21e78e00e20e4298177ced68ab5295d5910e 78742
libkadm5srv-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
8fd96cd5cb3caa990c640b8a489d5c7025bd530ea4f4fea0670a5b80f43820ff 64386
libkadm5clnt-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
7c685923268e7cdc1724d8946c39e6ed9c54e0feec9d27c787a669f407876274 106066
libk5crypto3_1.8.3+dfsg-4squeeze7_amd64.deb
c1879609673ee4b102c2d70384c791c4becc85ebbb94692466cf3f58bfe69cbe 63808
libkdb5-4_1.8.3+dfsg-4squeeze7_amd64.deb
02f8802f524cd5210e1df58d37480f719e83a0d15076a78b4e50643c955d3645 46454
libkrb5support0_1.8.3+dfsg-4squeeze7_amd64.deb
Files:
894c4bbe565183835ed54bfae7b386cc 1610 net standard
krb5_1.8.3+dfsg-4squeeze7.dsc
942cd6cdcb46e9d10f408b9baf973f77 107176 net standard
krb5_1.8.3+dfsg-4squeeze7.diff.gz
f2f32d1572ec63dd7bd0c4a3520e9118 2255534 doc optional
krb5-doc_1.8.3+dfsg-4squeeze7_all.deb
f305d359fc13d378733932a1190fef98 1373874 oldlibs extra
libkrb53_1.8.3+dfsg-4squeeze7_all.deb
5d2493357bbba7c052f1a4817d11e345 138772 net optional
krb5-user_1.8.3+dfsg-4squeeze7_amd64.deb
c146d6ff4c0b0149b70a69b639ad6f83 219170 net optional
krb5-kdc_1.8.3+dfsg-4squeeze7_amd64.deb
9cd1daf368b6d2a91545869c9789247b 118198 net extra
krb5-kdc-ldap_1.8.3+dfsg-4squeeze7_amd64.deb
3d16357af7e4e1b8ba84bbce4d43ca93 114290 net optional
krb5-admin-server_1.8.3+dfsg-4squeeze7_amd64.deb
8625cc3cebd71928c994ede308cf675e 104400 libdevel optional
krb5-multidev_1.8.3+dfsg-4squeeze7_amd64.deb
39c1130fa7641bd55dd8d1494f5fa002 37710 libdevel extra
libkrb5-dev_1.8.3+dfsg-4squeeze7_amd64.deb
88c91077fd0af7d5758f1eb16cb82fce 1628328 debug extra
libkrb5-dbg_1.8.3+dfsg-4squeeze7_amd64.deb
918820c24b883ae290c9b02f0580e121 78126 net extra
krb5-pkinit_1.8.3+dfsg-4squeeze7_amd64.deb
28dc465d0ec532d41b6cea3b1737f20e 373650 libs standard
libkrb5-3_1.8.3+dfsg-4squeeze7_amd64.deb
fd528cb051563a08687a4faf9d523b50 130530 libs standard
libgssapi-krb5-2_1.8.3+dfsg-4squeeze7_amd64.deb
909caf1d518bba4d932a961de89dab6a 84022 libs standard
libgssrpc4_1.8.3+dfsg-4squeeze7_amd64.deb
09e9adf10cfa223ad82e22f3461556e7 78742 libs standard
libkadm5srv-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
09ff2331976a49120d5bb31b0f9330c0 64386 libs standard
libkadm5clnt-mit7_1.8.3+dfsg-4squeeze7_amd64.deb
c3f53d11efd7695de7c9bc0d73ef7e22 106066 libs standard
libk5crypto3_1.8.3+dfsg-4squeeze7_amd64.deb
2fb83ebd5d477f082278820f74e18f52 63808 libs standard
libkdb5-4_1.8.3+dfsg-4squeeze7_amd64.deb
2449f350cfd7b36c63fb1ef37702cf11 46454 libs standard
libkrb5support0_1.8.3+dfsg-4squeeze7_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlGcuhoACgkQ/I12czyGJg9ELgCgzWMX8jjwm07GZDGdYuan/g8r
+kEAnAhHGnbAhCSzL2kIlpFx0+GEzk5Y
=+aUP
-----END PGP SIGNATURE-----
--- End Message ---
