non port: security/krb5-119/distinfo
Number of commits found: 7
Tuesday, 16 Apr 2024
19:56 Rene Ladan (rene)
security/krb5-119: Remove expired port
2024-04-15 security/krb5-119: Desupported by MIT following 1.21
4c14a7fa
Tuesday, 15 Nov 2022
17:19 Cy Schubert (cy)
security/krb5-119: Update to 1.19.4
MFH: 2022Q4
Security: CVE-2022-42898
eed9a79
16:37 Cy Schubert (cy)
security/krb5-*: Address CVE-2022-42898
Topic: Vulnerabilities in PAC parsing
CVE-2022-42898: integer overflow vulnerabilities in PAC parsing
SUMMARY
=======
Three integer overflow vulnerabilities have been discovered in the MIT
krb5 library function krb5_parse_pac().
IMPACT
======
An authenticated attacker may be able to cause a KDC or kadmind
process to crash by reading beyond the bounds of allocated memory,
creating a denial of service. A privileged attacker may similarly be
able to cause a Kerberos or GSS application service to crash.
On a 32-bit platform, an authenticated attacker may be able to cause
heap corruption in a KDC or kadmind process, possibly leading to
remote code execution. A privileged attacker may similarly be able to
cause heap corruption in a Kerberos or GSS application service running
on a 32-bit platform.
An attacker with the privileges of a cross-realm KDC may be able to
extract secrets from a KDC process's memory by having them copied into
the PAC of a new ticket.
AFFECTED SOFTWARE
=================
Kerberos and GSS application services using krb5-1.8 or later are
affected. kadmind in krb5-1.8 or later is affected. The krb5-1.20
KDC is affected. The krb5-1.8 through krb5-1.19 KDC is affected when
using the Samba or FreeIPA KDB modules.
REFERENCES
==========
This announcement is posted at:
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt
This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:
https://web.mit.edu/kerberos/advisories/index.html
The main MIT Kerberos web page is at:
https://web.mit.edu/kerberos/index.html
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
MFH: 2022Q4
Security: CVE-2022-42898
de40003
Monday, 14 Mar 2022
16:59 Cy Schubert (cy)
security/krb5-119: Update to 1.19.3
f47c333
Monday, 26 Jul 2021
19:55 Cy Schubert (cy)
security/krb5-119: Update to 1.19.2
The announcement as follows:
The MIT Kerberos Team announces the availability of MIT Kerberos 5
Releases 1.19.2 and 1.18.4. Please see below for a list of some major
changes included, or consult the README file in the source tree for a
more detailed list of significant changes.
Retrieving krb5-1.19.2 and krb5-1.18.4
======================================
You may retrieve the krb5-1.19.2 and krb5-1.18.4 sources from the
following URL:
https://kerberos.org/dist/
The homepage for the krb5-1.19.2 and krb5-1.18.4 releases are:
https://web.mit.edu/kerberos/krb5-1.19/
https://web.mit.edu/kerberos/krb5-1.18/
Further information about Kerberos 5 may be found at the following
URL:
https://web.mit.edu/kerberos/
Triple-DES transition
=====================
Beginning with the krb5-1.19 release, a warning will be issued if
initial credentials are acquired using the des3-cbc-sha1 encryption
type. In future releases, this encryption type will be disabled by
default and eventually removed.
Beginning with the krb5-1.18 release, single-DES encryption types have
been removed.
Major changes in 1.19.2 and 1.18.4 (2021-07-22)
===============================================
These are bug fix releases.
* Fix a denial of service attack against the KDC encrypted challenge
code [CVE-2021-36222].
* Fix a memory leak when gss_inquire_cred() is called without a
credential handle.
MFH: 2021Q3
Security: CVE-2021-36222
f6f818b
Friday, 19 Feb 2021
15:31 cy
security/krb5: update 1.19 --> 1.19.1.
Tuesday, 2 Feb 2021
05:01 cy
Welcome the new KRB5 1.19 (krb5-119)
In addition, deprecate krb5-117 to retire one year after the release
of krb5-119: Feb 1, 2022.
krb5-119 becomes the default krb5 port.