Information on source package krb5

Available versions

ReleaseVersion
jessie1.12.1+dfsg-19+deb8u9
stretch1.15-1+deb9u6
stretch (security)1.15-1+deb9u3
buster1.17-3+deb10u7
buster (security)1.17-3+deb10u6
bullseye1.18.3-6+deb11u5
bookworm1.20.1-2+deb12u2
trixie1.21.3-3
sid1.21.3-3

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-26462fixedfixedfixedfixedvulnerable (no DSA)vulnerablevulnerableKerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...
CVE-2017-11462vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedDouble free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-26461fixedfixedfixedvulnerablevulnerablevulnerablevulnerableKerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...
CVE-2024-26458fixedfixedfixedvulnerablevulnerablevulnerablevulnerableKerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...
CVE-2018-5709vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableAn issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...
CVE-2017-15088vulnerablevulnerablefixedfixedfixedfixedfixedplugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...
CVE-2004-0971vulnerablefixedfixedfixedfixedfixedfixedThe krb5-send-pr script in the kerberos5 (krb5) package in Trustix Sec ...

Resolved issues

BugDescription
CVE-2024-37371In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause inva ...
CVE-2024-37370In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the ...
CVE-2023-39975kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a ...
CVE-2023-36054lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...
CVE-2022-42898PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x befo ...
CVE-2021-37750The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...
CVE-2021-36222ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...
CVE-2020-28196MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow ...
CVE-2019-14844A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including ...
CVE-2018-20217A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...
CVE-2018-5730MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...
CVE-2018-5729MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...
CVE-2018-5710An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...
CVE-2017-11368In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...
CVE-2017-7562An authentication bypass flaw was found in the way krb5's certauth int ...
CVE-2016-3120The validate_as_request function in kdc_util.c in the Key Distribution ...
CVE-2016-3119The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_prin ...
CVE-2015-8631Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MI ...
CVE-2015-8630The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functi ...
CVE-2015-8629The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in ...
CVE-2015-2698The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c ...
CVE-2015-2697The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Ker ...
CVE-2015-2696lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 reli ...
CVE-2015-2695lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1. ...
CVE-2015-2694The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x ...
CVE-2014-9423The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c ...
CVE-2014-9422The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadm ...
CVE-2014-9421The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in ...
CVE-2014-5355MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a kr ...
CVE-2014-5354plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka ...
CVE-2014-5353The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap ...
CVE-2014-5352The krb5_gss_process_context_token function in lib/gssapi/krb5/process ...
CVE-2014-5351The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal. ...
CVE-2014-4345Off-by-one error in the krb5_encode_krbsecretkey function in plugins/k ...
CVE-2014-4344The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/ ...
CVE-2014-4343Double free vulnerability in the init_ctx_reselect function in the SPN ...
CVE-2014-4342MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows re ...
CVE-2014-4341MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cau ...
CVE-2013-1418The setup_server_realm function in main.c in the Key Distribution Cent ...
CVE-2013-1417do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (a ...
CVE-2013-1416The prep_reprocess_req function in do_tgs_req.c in the Key Distributio ...
CVE-2013-1415The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_cr ...
CVE-2012-1016The pkinit_server_return_padata function in plugins/preauth/pkinit/pki ...
CVE-2012-1015The kdc_handle_protected_negotiation function in the Key Distribution ...
CVE-2012-1014The process_as_req function in the Key Distribution Center (KDC) in MI ...
CVE-2012-1013The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmi ...
CVE-2012-1012server/server_stubs.c in the kadmin protocol implementation in MIT Ker ...
CVE-2011-4862Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 throu ...
CVE-2011-4151The krb5_db2_lockout_audit function in the Key Distribution Center (KD ...
CVE-2011-1530The process_tgs_req function in do_tgs_req.c in the Key Distribution C ...
CVE-2011-1529The lookup_lockout_policy function in the Key Distribution Center (KDC ...
CVE-2011-1528The krb5_ldap_lockout_audit function in the Key Distribution Center (K ...
CVE-2011-1527The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerber ...
CVE-2011-0285The process_chpw_request function in schpw.c in the password-changing ...
CVE-2011-0284Double free vulnerability in the prepare_error_as function in do_as_re ...
CVE-2011-0283The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 all ...
CVE-2011-0282The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x t ...
CVE-2011-0281The unparse implementation in the Key Distribution Center (KDC) in MIT ...
CVE-2010-4022The do_standalone function in the MIT krb5 KDC database propagation da ...
CVE-2010-4021The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 doe ...
CVE-2010-4020MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key- ...
CVE-2010-1324MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not prope ...
CVE-2010-1323MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x ...
CVE-2010-1322The merge_authdata function in kdc_authdata.c in the Key Distribution ...
CVE-2010-1321The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-AP ...
CVE-2010-1320Double free vulnerability in do_tgs_req.c in the Key Distribution Cent ...
CVE-2010-0629Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmin ...
CVE-2010-0628The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego ...
CVE-2010-0283The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 bef ...
CVE-2009-4212Multiple integer underflows in the (1) AES and (2) RC4 decryption func ...
CVE-2009-3295The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm ...
CVE-2009-0847The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka ...
CVE-2009-0846The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c i ...
CVE-2009-0845The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego ...
CVE-2009-0844The get_input_token function in the SPNEGO implementation in MIT Kerbe ...
CVE-2008-0948Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by ...
CVE-2008-0947Buffer overflow in the RPC library used by libgssrpc and kadmind in MI ...
CVE-2008-0063The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not pro ...
CVE-2008-0062KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for som ...
CVE-2007-5972Double free vulnerability in the krb5_def_store_mkey function in lib/k ...
CVE-2007-5971Double free vulnerability in the gss_krb5int_make_seal_token_v3 functi ...
CVE-2007-5902Integer overflow in the svcauth_gss_get_principal function in lib/rpc/ ...
CVE-2007-5901Use-after-free vulnerability in the gss_indicate_mechs function in lib ...
CVE-2007-5894The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb ...
CVE-2007-4743The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_G ...
CVE-2007-4000The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy. ...
CVE-2007-3999Stack-based buffer overflow in the svcauth_gss_validate function in li ...
CVE-2007-2798Stack-based buffer overflow in the rename_principal_2_svc function in ...
CVE-2007-2443Integer signedness error in the gssrpc__svcauth_unix function in svc_a ...
CVE-2007-2442The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...
CVE-2007-1216Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5un ...
CVE-2007-0957Stack-based buffer overflow in the krb5_klog_syslog function in the ka ...
CVE-2007-0956The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote att ...
CVE-2006-6144The "mechglue" abstraction interface of the GSS-API library for Kerber ...
CVE-2006-6143The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1 ...
CVE-2006-3084The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1 ...
CVE-2006-3083The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...
CVE-2005-1689Double free vulnerability in the krb5_recvauth function in MIT Kerbero ...
CVE-2005-1175Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...
CVE-2005-1174MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...
CVE-2005-0488Certain BSD-based Telnet clients, including those used on Solaris and ...
CVE-2005-0469Buffer overflow in the slc_add_reply function in various BSD-based Tel ...
CVE-2005-0468Heap-based buffer overflow in the env_opt_add function in telnet.c for ...
CVE-2004-1189The add_to_history function in svr_principal.c in libkadm5srv for MIT ...
CVE-2004-0772Double free vulnerabilities in error handling code in krb524d for MIT ...
CVE-2004-0644The asn1buf_skiptail function in the ASN.1 decoder library for MIT Ker ...
CVE-2004-0643Double free vulnerability in the krb5_rd_cred function for MIT Kerbero ...
CVE-2004-0642Double free vulnerabilities in the error handling code for ASN.1 decod ...
CVE-2004-0523Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...
CVE-2003-0139Certain weaknesses in the implementation of version 4 of the Kerberos ...
CVE-2003-0138Version 4 of the Kerberos protocol (krb4), as used in Heimdal and othe ...
CVE-2003-0082The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...
CVE-2003-0072The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...
CVE-2003-0060Format string vulnerabilities in the logging routines for MIT Kerberos ...
CVE-2003-0059Unknown vulnerability in the chk_trans.c of the libkrb5 library for MI ...
CVE-2003-0058MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remo ...
CVE-2003-0041Kerberos FTP client allows remote FTP sites to execute arbitrary code ...
CVE-2003-0028Integer overflow in the xdrmem_getbytes() function, and possibly other ...
CVE-2002-2443schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...
CVE-2002-1235The kadm_ser_in function in (1) the Kerberos v4compatibility administr ...
CVE-2002-0391Integer overflow in xdr_array function in RPC servers for operating sy ...

Security announcements

DSA / DLADescription
ELA-1141-1krb5 - security update
DSA-5726-1krb5 - security update
ELA-987-1krb5 - security update
DLA-3626-1krb5 - security update
ELA-753-1krb5 - security update
DLA-3213-1krb5 - security update
DSA-5286-1krb5 - security update
DLA-2771-1krb5 - security update
DSA-4944-1krb5 - security update
DSA-4795-1krb5 - security update
DLA-2437-1krb5 - security update
ELA-308-1krb5 - security update
DLA-1643-1krb5 - security update
ELA-77-1krb5 - security update
DLA-1265-1krb5 - security update
DLA-1058-1krb5 - security update
DLA-423-1krb5 - security update
DSA-3466-1krb5 - security update
DSA-3395-2krb5 - security update
DLA-340-1krb5 - security update
DSA-3395-1krb5 - security update
DLA-146-1krb5 - security update
DSA-3153-1krb5 - security update
DLA-37-1krb5 - security update
DSA-3000-1krb5 - security update
DSA-2701-1krb5 - denial of service
DSA-2518-1krb5 - denial of service
DSA-2379-1krb5 - several
DSA-2375-1krb5 - buffer overflow
DSA-2129-1krb5 - checksum verification weakness
DSA-2052-1krb5 - denial of service
DSA-2031-1krb5 - denial of service
DSA-1969-1krb5 - denial of service
DSA-1766-1krb5 - several vulnerabilities
DSA-1524-1krb5 - multiple vulnerabilities
DSA-1367-1krb5 - arbitrary code execution
DSA-1323-1krb5
DSA-1276-1krb5 - several vulnerabilities
DSA-1146-1krb5 - programming error
DSA-757-1krb5 - buffer overflow, double-free memory
DSA-703-1krb5 - buffer overflows
DSA-629-1krb5 - buffer overflow
DSA-543-1krb5 -- several vulnerabilities
DSA-520krb5 - buffer overflows
DSA-266krb5 - several vulnerabilities
DSA-183krb5 - buffer overflow
DSA-143krb5 - integer overflow

Search for package or bug name: Reporting problems