-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: amd64 Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: 8e258266ea7f07d15a2cc471f6ac64c78d37357b 212904 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_amd64.deb ec5c14a4091494359f07e4ec3c6c761dbef96e87 94192 krb5-admin-server_1.20.1-2+deb12u4_amd64.deb 054b90416de28b7a1947106d992a2808f1bcf62c 39528 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_amd64.deb fa01e2ca71dd950d31489cde4a5ad78947027b08 28848 krb5-gss-samples_1.20.1-2+deb12u4_amd64.deb 9ef886913bab486ede9d68288deb854f76287c2e 19764 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_amd64.deb fd05ca59930a033a697b0813104b77f77f652516 19572 krb5-k5tls_1.20.1-2+deb12u4_amd64.deb 767002ad9a7cb0bc964897b2b03729e537fc84bc 456440 krb5-kdc-dbgsym_1.20.1-2+deb12u4_amd64.deb 1c60aeb21be0f2d3073d4e19300c818bce155f7d 193088 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_amd64.deb d49aad1bb56f545eff1445d7e1d000bd88e63968 88016 krb5-kdc-ldap_1.20.1-2+deb12u4_amd64.deb 3cb269ff2e5f5c0f0b813ac19441d0cccac93c55 181736 krb5-kdc_1.20.1-2+deb12u4_amd64.deb 05e37d76109650e9cf0da40d7c08f3375df97c9c 43528 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_amd64.deb 7f83de98c6d7fc162f041700500fde94d2c21298 31852 krb5-kpropd_1.20.1-2+deb12u4_amd64.deb df7841811ea1ad6112e6470231e4484d7f5b3437 125620 krb5-multidev_1.20.1-2+deb12u4_amd64.deb ea3d82be6593e01547d6add37bcb762961a3c26b 29304 krb5-otp-dbgsym_1.20.1-2+deb12u4_amd64.deb 3dd2c39ff271b50af1d2d3e9a1af2de2d528ed05 22116 krb5-otp_1.20.1-2+deb12u4_amd64.deb 96b828388da6cef384187ebefdd185044c629771 156500 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_amd64.deb 66b59c2762ae145f3d0e3f4edd0938b4dae07147 57840 krb5-pkinit_1.20.1-2+deb12u4_amd64.deb 62408774a62c2f2e8728147eccc06a867e230997 202160 krb5-user-dbgsym_1.20.1-2+deb12u4_amd64.deb 1c4bc13d958837e222f48017b90f2df7b3e93d67 119392 krb5-user_1.20.1-2+deb12u4_amd64.deb 094cbae3ba02eabb52e23b5f93c358b08220416c 16009 krb5_1.20.1-2+deb12u4_amd64-buildd.buildinfo 1328899c0e5accdae2d2dcfbf6589ec66434159e 135032 libgssapi-krb5-2_1.20.1-2+deb12u4_amd64.deb 5007ab6f1d23d59240a8359c1023d84224f3b1d0 58736 libgssrpc4_1.20.1-2+deb12u4_amd64.deb 092cb2c6216b2205949f4dea4189155273532348 79808 libk5crypto3_1.20.1-2+deb12u4_amd64.deb cb11c952cfc8e4753136701ee01e2486c4bbf536 41616 libkadm5clnt-mit12_1.20.1-2+deb12u4_amd64.deb 977c096ce97d8a456c30fe35d73717c6651e8c79 53396 libkadm5srv-mit12_1.20.1-2+deb12u4_amd64.deb 93af96ab592f240447d81befa2f080e527465c61 41280 libkdb5-10_1.20.1-2+deb12u4_amd64.deb 962af1b21c3d2cbf1f9f6f1ebfbc30ddd5688c10 15888 libkrad-dev_1.20.1-2+deb12u4_amd64.deb 3b5caa571da81dcda4457bf74a046875b1101c97 24844 libkrad0_1.20.1-2+deb12u4_amd64.deb ed7b29df58a35ec53cd4d1a45a12e8fc662f690e 333928 libkrb5-3_1.20.1-2+deb12u4_amd64.deb c06d5e517e7aff5989574d87b78a98a35c5afb92 2181648 libkrb5-dbg_1.20.1-2+deb12u4_amd64.deb 97febd1ab41c964c51520ca267adeea241e4d60c 15408 libkrb5-dev_1.20.1-2+deb12u4_amd64.deb 61847110aa68b3b86456006981b73cfbd1549d1b 33204 libkrb5support0_1.20.1-2+deb12u4_amd64.deb Checksums-Sha256: 789ccbf90ac783691554d0071b21eca44458c71a09380e7fffd93ed18ab29775 212904 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_amd64.deb 99488a1fd7862a95831bd943b8baf7f8f1d7b4c5f687043798a0a0126c3209fe 94192 krb5-admin-server_1.20.1-2+deb12u4_amd64.deb 85dd1a04c3fc81b1b36b5003685c338529cee93c837213067898bb83c3036743 39528 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_amd64.deb 525f3bc70dc03aeeee62e5a0f7ef014df88f823341f8216b480951e13016fbe0 28848 krb5-gss-samples_1.20.1-2+deb12u4_amd64.deb cd0bba4b38ddaddcdbd62d6f6c259fee28f59e3ed63304246cea495eec9931fc 19764 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_amd64.deb 4a211380267ff401a9901a3f623812543816449c97764ab824037f99fedd0949 19572 krb5-k5tls_1.20.1-2+deb12u4_amd64.deb 3e720aa961669618f8f7cce1753c4037f241ade911dcea028d5693127bfd7413 456440 krb5-kdc-dbgsym_1.20.1-2+deb12u4_amd64.deb 193eac428adba31cfb3d4582121991f2f14bbe777b798731e3c2273b45de4cc9 193088 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_amd64.deb e152d32be6c3dc2bcaec042ec91e8ac6b6a77ed2d80facb105932a7863e1a0a5 88016 krb5-kdc-ldap_1.20.1-2+deb12u4_amd64.deb edd8d3ccab8f507f48e23cdf45873761fafc398be221c968cc3a81a582607035 181736 krb5-kdc_1.20.1-2+deb12u4_amd64.deb 3b3784debbefab57ffe1d7a821a58acae9ca4ce31862ed588a770b5b3e5d1172 43528 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_amd64.deb 970f38404bc607b87b10ccef70684ffffe5fb4106c065dc8b2aec671babcb0cc 31852 krb5-kpropd_1.20.1-2+deb12u4_amd64.deb 541a7068f05208df88a4b4245dda1880a97c56e941a20a11fc770c5ab0398917 125620 krb5-multidev_1.20.1-2+deb12u4_amd64.deb 4068efc2765100c6ff7dc1eac09ade4bf5a08ec1ed1e028e6bd0017bb1cce1fc 29304 krb5-otp-dbgsym_1.20.1-2+deb12u4_amd64.deb 491b7bff771a03e143c08f4cdd50246d8b347733b0293bbb2e055ae65c142f48 22116 krb5-otp_1.20.1-2+deb12u4_amd64.deb 003c5f56cadfe43f6702f190ae28386e7cfa5b0894827ee23f1aadce34ed4afc 156500 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_amd64.deb a3c2f8b3ce73279390d02b2d1f7695e8f8973251f01fa3944a44090755f6cdae 57840 krb5-pkinit_1.20.1-2+deb12u4_amd64.deb e62b1abcb1b82dceb24fc3de6fe5da57b1c0c024f3c4b9c5d834225d3deef62b 202160 krb5-user-dbgsym_1.20.1-2+deb12u4_amd64.deb 9a6ab85a54efbf2ce15b69dee66221d9bc49a94cda31f036ab1628df77fd93f2 119392 krb5-user_1.20.1-2+deb12u4_amd64.deb 33c7dd950f9bf183c610772032bd6c8d8bbb1d4156c8e64f946fc43ef3513e33 16009 krb5_1.20.1-2+deb12u4_amd64-buildd.buildinfo ae20a9d90d0998ccb062a42739c8c5c725579e2d3f44fbd16b026e336b4543bb 135032 libgssapi-krb5-2_1.20.1-2+deb12u4_amd64.deb 1e3e133136425d360cf84ea2db9bec12e0819b57e4f4b7574805558088d8d3b0 58736 libgssrpc4_1.20.1-2+deb12u4_amd64.deb b921355ee030582117aadd95a9f08de341867921a277803ae7e520be2ac9786d 79808 libk5crypto3_1.20.1-2+deb12u4_amd64.deb db83340fcefb7a214342e242aa6fe46680a800ba5604436c30f4f94b64a6646d 41616 libkadm5clnt-mit12_1.20.1-2+deb12u4_amd64.deb f2dc6c98ad0fe5ba7c692ae775f9fc61031dd79c31dff049c0e6e6e7a36d74d1 53396 libkadm5srv-mit12_1.20.1-2+deb12u4_amd64.deb 1e6adb168aa3866cf0d880805aab8398648a58755a62266c5fb8f9b2a09aab2e 41280 libkdb5-10_1.20.1-2+deb12u4_amd64.deb e4fe4cd44681cc9794a7352e6b2fab30ef466d063c54f0f69b732ce8ed85bf67 15888 libkrad-dev_1.20.1-2+deb12u4_amd64.deb b8339a631a1600911190fafbc24db73afa37ed39c9c6da759062327ebd28f4ef 24844 libkrad0_1.20.1-2+deb12u4_amd64.deb af14ab652a7e8579c67c846dd95b987a4332c05165c8eec9790028f5aea6c2b0 333928 libkrb5-3_1.20.1-2+deb12u4_amd64.deb f0bc8fa47fff26bb2a260d3cc052cd1e4cd0e8d49745bdccab1d4b566468e188 2181648 libkrb5-dbg_1.20.1-2+deb12u4_amd64.deb bddcdc494477ce62ce1e007e29769b0ecc634376c6c0c107bb3966c51fdc2e4c 15408 libkrb5-dev_1.20.1-2+deb12u4_amd64.deb 5e7fac690530a3e16c0a6707d8262d869c23248eac72daee3eb7c40982c3ddfe 33204 libkrb5support0_1.20.1-2+deb12u4_amd64.deb Files: 4d5e5c30b1e087a0812a92dce1357a30 212904 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_amd64.deb bc985019dbbd2bea50872c56c3ace317 94192 net optional krb5-admin-server_1.20.1-2+deb12u4_amd64.deb acca0f881fe2c078ecbfc326d081de41 39528 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_amd64.deb cc7d82503dd2563f2b0990d68314770b 28848 net optional krb5-gss-samples_1.20.1-2+deb12u4_amd64.deb afaf153ee2daff3a3c12136b5cee5473 19764 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_amd64.deb daa0317f1f1fc60377ab82904bba1168 19572 net optional krb5-k5tls_1.20.1-2+deb12u4_amd64.deb 1b3251d0cb61bb026ce77e75b8ae6b7b 456440 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_amd64.deb 9a8aba387ac4f4eb27d8379a74cde901 193088 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_amd64.deb c07045a1ae9df16e023b615d5a129bce 88016 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_amd64.deb 6d635bda7d1c0a5e3dae346642a17e81 181736 net optional krb5-kdc_1.20.1-2+deb12u4_amd64.deb 5adaa3805059e5790fa83a6faa663142 43528 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_amd64.deb 6713ae6f2d0fe99f54056a397308dd26 31852 net optional krb5-kpropd_1.20.1-2+deb12u4_amd64.deb 01e8bbd9a96bf0f4c0de9664c601f134 125620 libdevel optional krb5-multidev_1.20.1-2+deb12u4_amd64.deb e47bf00e65f251f325512d1502ff99a0 29304 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_amd64.deb bea543459f2989b253b1027561bdacab 22116 net optional krb5-otp_1.20.1-2+deb12u4_amd64.deb a07170ead8c5aa11d795d809dba0f8fb 156500 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_amd64.deb 23f66b95dc596d290822afcb5b8e1a2f 57840 net optional krb5-pkinit_1.20.1-2+deb12u4_amd64.deb 9551f8e44f3590d0b646904ead4df535 202160 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_amd64.deb df20a4109a73837c65da4d5182dfd81e 119392 net optional krb5-user_1.20.1-2+deb12u4_amd64.deb f2f6ab2d8d6eb86974bb8daa50711776 16009 net optional krb5_1.20.1-2+deb12u4_amd64-buildd.buildinfo 373ed83bf76f3ee1b7ac21f836409005 135032 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_amd64.deb b58b7ce2d4a6d0975556805d65cf6467 58736 libs optional libgssrpc4_1.20.1-2+deb12u4_amd64.deb 031d19c6f813176850149b10bc6e233e 79808 libs optional libk5crypto3_1.20.1-2+deb12u4_amd64.deb 9405c3da8da7f634ab7e7095ad80ee40 41616 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_amd64.deb 7da33d3d95927ffd1edb2ee40d8cd7ca 53396 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_amd64.deb 627daa792e0cae529f78bc47ad1de70a 41280 libs optional libkdb5-10_1.20.1-2+deb12u4_amd64.deb 3f0b774c5178f0a367fb24e8e605f5be 15888 libdevel optional libkrad-dev_1.20.1-2+deb12u4_amd64.deb f8e0035aa34732a1be064d75cc14f318 24844 libs optional libkrad0_1.20.1-2+deb12u4_amd64.deb 366f752c020f6a01d0677e3ef292e86b 333928 libs optional libkrb5-3_1.20.1-2+deb12u4_amd64.deb debab3b1d888fc03c6c032c0402967a8 2181648 debug optional libkrb5-dbg_1.20.1-2+deb12u4_amd64.deb c2bfc57a22f9575830994cbe8ce60011 15408 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_amd64.deb 105a9f51f7522fb25077055fe64a2322 33204 libs optional libkrb5support0_1.20.1-2+deb12u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmg7eFYACgkQiZlfn74W V6nKmRAAsOmA7/HhNpCIm6ozjOf7Hg2/PgvzUI+fQQ+0LGbaMREdqGLl52NwPwdQ qrLo2fRzxH0qePuN7+isGV2lS1JOS8hcZwZ6UFeImrBNZSQa0F3jHzfm2OgmXW40 1Li2BCdAaBVO4V5x3BNnUIl3rpUZ2uNALdhFgdmO7Z1/MXSiPd8KtTcqCN9fplx+ d79Y7qA4kRI54B8ulyvMa2z98igqL0+pvp73IcB9S+I2zXWYp6ebzUXw7oo4RhuK 6YvZIFcFTkOEMQiYJYLqgnrYCKcJfOoYmGzY2h8HYWO6oIGxrTyhAAi4zs2mBnO4 s46TlxceG09FgPa+7Mr86xqRQNIysyprmAWT0ZRLR9TXofQkuVtnGSefGkmBXASH 3QspaEthFzC0cFFk8M1khtCNshkSSYWyLFgtfraWCkSl+lhzugZkmxkieVW5l9g+ Ud5uTWc9ie98byn9+F97LcXiTwq3HptF4oFy0UKtOrjYZkfLRZZEXWo8JFXbliSO 0w+ar7VBw0+e7NXkCghvJ2/snU0/Mv3T+3Apy0kCbiUMe0VQI6EsXS3+0nNikr/C 9GupxKgfkSNoQL8h9LzR8tHr8Y44tyYbre7+QFmz0VWsCVAP8YzIz4HO/HVc5d9/ L1QMkexuibUodCNJehEzy7Zj8tCa9QkSVay5R4o3IkzB4Ytd57g= =kJdZ -----END PGP SIGNATURE-----