Univention Bugzilla – Bug 48538
krb5: Multiple issues (4.2)
Last modified: 2019-02-06 12:55:56 CET
New Debian krb5 1.12.1+dfsg-19+deb8u5 fixes:

This update addresses the following issues:
* null dereference in kadmind or DN container check bypass by supplying specially crafted data (CVE-2018-5729)
* DN container check bypass by supplying specially crafted data (CVE-2018-5730)
* Reachable assertion in the KDC using S4U2Self requests (CVE-2018-20217)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/krb5_1.12.1+dfsg-19+deb8u4.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/krb5_1.12.1+dfsg-19+deb8u5.dsc @@ -1,3 +1,11 @@ +1.12.1+dfsg-19+deb8u5 [Fri, 25 Jan 2019 16:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-20217 + Ignore password attributes for S4U2Self requests. + * CVE-2018-5729, CVE-2018-5730 + Fix flaws in LDAP DN checking. + 1.12.1+dfsg-19+deb8u4 [Mon, 28 Aug 2017 11:55:49 -0400] Sam Hartman <hartmans@debian.org>: * New version number; same code as deb8u3 but rebuilt to build arch all <http://10.200.17.11/4.2-5/#6550826317288880523>
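Review bot: the added 1.12.1+dfsg-19+deb8u5 changelog entry describes the CVE-2018-5729, CVE-2018-5730 fix only as "Fix flaws in LDAP DN checking." and names no patch file or upstream commit, either there or on the CVE-2018-20217 line, so the entry cannot be mapped to a specific code change during errata review. Suggest adding the patch file name or upstream commit reference under each CVE line.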
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 0948ae2014 Bug #48538: krb5 1.12.1+dfsg-19+deb8u5
 doc/errata/staging/krb5.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.2/591.html>