From ${URL} : In the OTP kdcpreauth module, the TKT_FLG_PRE_AUTH bit was set before the request was successfully verified. In the PKINIT kdcpreauth module, code 0 was returned on empty input or an unconfigured realm. Together, these bugs could cause the KDC preauth framework to erroneously treat a request as pre-authenticated. In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. Upstream patch: https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2015-2694 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2694): The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
CVE-2014-5355 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5355): MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
Maintainers, are we ready for stabilization here?
Arches, please test and mark stable =app-crypt/mit-krb5-1.13.2 Target Keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
ppc stable
Stable for PPC64.
Stable for HPPA.
x86 stable
arm stable
ia64 stable
alpha stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: No
GLSA Vote: No