This bug was fixed in the package krb5 - 1.10+dfsg~beta1-2ubuntu0.3
---------------
krb5 (1.10+dfsg~beta1-2ubuntu0.3) precise-security; urgency=low
* SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
- debian/patches/MITKRB5-SA-2012-001.patch: initialize pointers both
at allocation and assignment time
- CVE-2012-1015, CVE-2012-1014
* SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
- debian/patches/krb5-CVE-2012-1013.patch: check for null password
- CVE-2012-1013
* SECURITY UPDATE: insufficient ACL checking on get_strings/set_string
- debian/patches/krb5-CVE-2012-1012.patch: make the access
controls for get_strings/set_string mirror those of
get_principal/modify_principal
- CVE-2012-1012
-- Steve Beattie <sbeat...@ubuntu.com> Thu, 26 Jul 2012 14:29:35 -0700
** Changed in: krb5 (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1012
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1014
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1015
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1009422
Title:
(CVE-2012-1013) krb5 : kadmind denial of service
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
