-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: i386 Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: f2628cdd59a37d18169f64e70a140693d6625044 187840 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_i386.deb 1c6cea0075e0d54ed1639d83e0518e4e74110c60 97152 krb5-admin-server_1.20.1-2+deb12u4_i386.deb 7d77b014d1047225d01fdbac6cf8aba5c9905820 36432 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_i386.deb 20c30fb2cc321503c31e9b52be5af46a315ce5f3 29204 krb5-gss-samples_1.20.1-2+deb12u4_i386.deb 803bfab4703d78e1c692c7b0b5e10dd1924df80c 18812 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_i386.deb 4e809f965ea5b80183efa18cf36507122f09315c 20088 krb5-k5tls_1.20.1-2+deb12u4_i386.deb c2e0b1d9072dbc8405e21d8116e2e286f22ffc94 402828 krb5-kdc-dbgsym_1.20.1-2+deb12u4_i386.deb 7171640ed9c983b7ae6663ae555a3c4990defe40 171624 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_i386.deb 7949dec3c8316fc4b227fa89108138e2cf6656d7 93364 krb5-kdc-ldap_1.20.1-2+deb12u4_i386.deb 44737e838564e74b3d2337062a16a8b12efa8ea6 192128 krb5-kdc_1.20.1-2+deb12u4_i386.deb 0b24d31ffc0554d32b2a72632f0a8f89bdf693de 41692 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_i386.deb 7f735e6709a3947386dd10e4d86208ef6e7add9e 32524 krb5-kpropd_1.20.1-2+deb12u4_i386.deb 3954744f71a72ea063578c2cd940ed1fc708ba85 125604 krb5-multidev_1.20.1-2+deb12u4_i386.deb 311c09a10ba803d78f470c1ef6d18d50969e0c9e 27368 krb5-otp-dbgsym_1.20.1-2+deb12u4_i386.deb c2a6314517e9e5e2e35b1d4d0c1ffd20b111a4e2 22932 krb5-otp_1.20.1-2+deb12u4_i386.deb cab8f7b5198d68ba955a7ab46f53867892689c28 136384 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_i386.deb 4f3d672eb6f150dfd155a2956a8ea083e1ef9746 62744 krb5-pkinit_1.20.1-2+deb12u4_i386.deb 6c83655d6321a89a395ffe8d2fac21c8004af025 179100 krb5-user-dbgsym_1.20.1-2+deb12u4_i386.deb af6b823988b0e6ecd6216412602e502073746445 121364 krb5-user_1.20.1-2+deb12u4_i386.deb 517fe793cca05cccb30c4386b9589918afed51aa 15846 krb5_1.20.1-2+deb12u4_i386-buildd.buildinfo 2e5e4a74157b72217c469bf4be9ec54eb09c1129 144840 libgssapi-krb5-2_1.20.1-2+deb12u4_i386.deb ef6106af9f788b08db2e081d9411f4c7be44d138 62632 libgssrpc4_1.20.1-2+deb12u4_i386.deb 587e0072d9891415bda0a49df75e62c5650e68c5 83172 libk5crypto3_1.20.1-2+deb12u4_i386.deb 759b65d19bece014d244c5b2db84036c57791071 43176 libkadm5clnt-mit12_1.20.1-2+deb12u4_i386.deb c4d2a2503d1041a9e90f458dc918b1ea1b373270 56748 libkadm5srv-mit12_1.20.1-2+deb12u4_i386.deb 59e36c581cfcd5687dc906c42d388608054863ae 44512 libkdb5-10_1.20.1-2+deb12u4_i386.deb 5cf7baa318ee4eed710e19bb8df85ef5e19edf0f 15892 libkrad-dev_1.20.1-2+deb12u4_i386.deb 990a6b710bb06ec1fa2fd8a0dd356502efd8345a 25676 libkrad0_1.20.1-2+deb12u4_i386.deb 6e51727bfae5314c2c807f733c6f429138a8b96e 360272 libkrb5-3_1.20.1-2+deb12u4_i386.deb baafa6b028acd44959e9ccc42ab90005a0cdbc70 1915668 libkrb5-dbg_1.20.1-2+deb12u4_i386.deb 3dc41be279a15a3e5db7bcffa68941f83598ab86 15400 libkrb5-dev_1.20.1-2+deb12u4_i386.deb 74a1ebf7b6d819921b1c6968cddfea1ffe5a2c96 35956 libkrb5support0_1.20.1-2+deb12u4_i386.deb Checksums-Sha256: 56a8a7663c8072747072d20e7c8dc9075f177b67a412a5288698b9778dfbeff6 187840 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_i386.deb f9494446b4d1094e15621cdc78aee2dd0e8807972b74c4eafca60878b148c222 97152 krb5-admin-server_1.20.1-2+deb12u4_i386.deb da34722ef3e45474530bb42a3d169d8a7a12cfe4fe5e69db97366677d8c35c65 36432 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_i386.deb bb1eb89bb8f61a3b621ae1ae18e5b73b6bd26042d5a7accaee24b62e46d4c549 29204 krb5-gss-samples_1.20.1-2+deb12u4_i386.deb 2b7c2e3a570ad7ee980ea6421fba037bbd4d7069cad3be245113295f6b6d4c17 18812 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_i386.deb 07b58a3bfdfefc2f03f96edc3a701ed52af2eaef41172a36870cf98faa56849b 20088 krb5-k5tls_1.20.1-2+deb12u4_i386.deb 2069d8a74e94a9fb6c496aa0836dec138e5ef5db24dd2a8337ef63a6f02a1d98 402828 krb5-kdc-dbgsym_1.20.1-2+deb12u4_i386.deb 1b2794ae869d67d057170fde2f7aadc6a5f0359166f5cd1bd9925e248de61366 171624 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_i386.deb fc3f7b22f9235cc472b983dd326a3fc7d1f34c8823375a46d3d00d26aa3e63a6 93364 krb5-kdc-ldap_1.20.1-2+deb12u4_i386.deb 83ad42454c15adcf9be8019bda4cecc13859ad3102ac1c3b8d24c1cfff7f41cb 192128 krb5-kdc_1.20.1-2+deb12u4_i386.deb b3b5d42e7bfdf579eb3436c296242eaa504446c7acb2b6442625afccaa5c8c06 41692 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_i386.deb dc0f831ecee3a2c6655e10e300c99545b695254948cd68c6edbd1c329960375e 32524 krb5-kpropd_1.20.1-2+deb12u4_i386.deb 6a13d8c0d1a28b621397c662418856b1381eadd4299b02f1adb913e17d358426 125604 krb5-multidev_1.20.1-2+deb12u4_i386.deb 6bc0a6f53b3806b1a026d8f6d7e5a22dcd7beb20843769935e2136a25e23c949 27368 krb5-otp-dbgsym_1.20.1-2+deb12u4_i386.deb 800e0887fd70e23e62ab4761c07ff3b91323f219d781f4efe267c1bd7ff74c57 22932 krb5-otp_1.20.1-2+deb12u4_i386.deb 615a9be411d6a5d331425430064a5822548820a46fb576770274fcbfa4c4cae0 136384 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_i386.deb eef6308c0da6381ebf309410ce76933923ca5f2993a612f16b616f158c1e02ad 62744 krb5-pkinit_1.20.1-2+deb12u4_i386.deb ad79426b00e422b67c2eaac0a5dd2407a25c9b44b1377648dd3f5375831f5da5 179100 krb5-user-dbgsym_1.20.1-2+deb12u4_i386.deb 179779021df97bbedd5ac1e46aaa94099efb7641ddc9f061d60381aa078406eb 121364 krb5-user_1.20.1-2+deb12u4_i386.deb 2be186cd4d0888f74ef2f32de966233e934c0553f790723cdeb33397ab8e3fa1 15846 krb5_1.20.1-2+deb12u4_i386-buildd.buildinfo 7028a638e3e8059ade003831989a3060ada7a1364465ea2cd1980ea3b0ffb4d1 144840 libgssapi-krb5-2_1.20.1-2+deb12u4_i386.deb c2a5b5cd2ac7c28505418482b7e6514a75d3eb7af8395034ca394c418c02f0b1 62632 libgssrpc4_1.20.1-2+deb12u4_i386.deb d35f33ab1b80882779b65e5fc6993c28a9bb5d1f42b089cf6017f85944ac3e69 83172 libk5crypto3_1.20.1-2+deb12u4_i386.deb e63db96e39a3a3074b6c93c2751f3f04bc439a279d0a5ae5def4db8b3e98fef9 43176 libkadm5clnt-mit12_1.20.1-2+deb12u4_i386.deb c0f3b8228cb6823a0ab0cc9ebbd2444a542269f8d489dc5e7248dfec8a80e7be 56748 libkadm5srv-mit12_1.20.1-2+deb12u4_i386.deb 0f2fe7497c40cc30ecbf7ed939e480a2f00f3f57ea5b8c2eb939b6e5eb5f6e40 44512 libkdb5-10_1.20.1-2+deb12u4_i386.deb 38f1bfc2ebafc3e1cddd01ef876023f9f603d8215dc84bec610abf0b7d5fe79b 15892 libkrad-dev_1.20.1-2+deb12u4_i386.deb 0c610102cc2d0f2dafa4edb78502f81a9acd5295cc8556351592e2328e6da8ca 25676 libkrad0_1.20.1-2+deb12u4_i386.deb a4c8e309f5aa27c85cbcc4de9f36cb6510989765b82d71d0a508351dabcb97c2 360272 libkrb5-3_1.20.1-2+deb12u4_i386.deb c23342513b73cc09d4bbecba10e522f7de93ea581f2524ede3e575242c7a8a9e 1915668 libkrb5-dbg_1.20.1-2+deb12u4_i386.deb 3609f0cf0677b868e89bbbb46c7549e106b7657cbc4bc719c1532b78d9bda706 15400 libkrb5-dev_1.20.1-2+deb12u4_i386.deb b34a2bc77b9c4bfe400ebc1bc134d9aabcbf726ea1dc07e957a1ef6c1bc5fffe 35956 libkrb5support0_1.20.1-2+deb12u4_i386.deb Files: a8ad9fffb0e1fa36b8b978066ae6d15f 187840 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_i386.deb 7804b46dcfd8f3b5f96a3af23b4233ea 97152 net optional krb5-admin-server_1.20.1-2+deb12u4_i386.deb ef7702a1c7fbca9a38bcd5b54bee78b9 36432 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_i386.deb a3ba5b80e4c835637533d4e8c21d00cf 29204 net optional krb5-gss-samples_1.20.1-2+deb12u4_i386.deb 92921c99030429eda6ba305709ca3961 18812 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_i386.deb 80ee398238481f603429e6cb9039b828 20088 net optional krb5-k5tls_1.20.1-2+deb12u4_i386.deb 393f43823dab1dccf4a5c5b198358522 402828 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_i386.deb d58695c1ba592511a642ee2a3c442377 171624 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_i386.deb bb51f5e4a7abfd4032257b931d650941 93364 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_i386.deb 342112628816b741ec63a8e45afec6a9 192128 net optional krb5-kdc_1.20.1-2+deb12u4_i386.deb 311a9013a83ff51737cc68e6a8b8f1b8 41692 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_i386.deb 3c10b81a8871e0b2b26d9cda1fd06bf0 32524 net optional krb5-kpropd_1.20.1-2+deb12u4_i386.deb cb2241ac204e100d0640869d25d0d940 125604 libdevel optional krb5-multidev_1.20.1-2+deb12u4_i386.deb 05101cfecaf4644f3f03e18146c1a074 27368 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_i386.deb 291cc99f2dc2d9eae9746c258725ff21 22932 net optional krb5-otp_1.20.1-2+deb12u4_i386.deb 431eb8b31526f2bd0faa8db3b5cd8f2c 136384 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_i386.deb af533ea16b5db528a0292ab3ee198608 62744 net optional krb5-pkinit_1.20.1-2+deb12u4_i386.deb f67f1478fc72a264f310c898f7440686 179100 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_i386.deb d388e7b09fb544c0288b9a5fb2cf192e 121364 net optional krb5-user_1.20.1-2+deb12u4_i386.deb bc32daab2d0dfa1854ebc42367726473 15846 net optional krb5_1.20.1-2+deb12u4_i386-buildd.buildinfo 53044cc5e056ed961404bcb6453cc9a8 144840 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_i386.deb 47c8ba15d53e2d76bd1281e8d1e0c21e 62632 libs optional libgssrpc4_1.20.1-2+deb12u4_i386.deb 3e2c8d45533b5c524c60be1bb3ddf39f 83172 libs optional libk5crypto3_1.20.1-2+deb12u4_i386.deb e4da224f7800b0ad03c32ec989b87ebf 43176 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_i386.deb e4a07f0c526cf8f25d2a34f88ac86a36 56748 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_i386.deb 6a2be9f221ceb7cd49aa3ce920f9c29a 44512 libs optional libkdb5-10_1.20.1-2+deb12u4_i386.deb 35dc6e5fcaa08b06fb7c78b60a7dd0ab 15892 libdevel optional libkrad-dev_1.20.1-2+deb12u4_i386.deb db37b5fe41e357c60815dccdab65a3db 25676 libs optional libkrad0_1.20.1-2+deb12u4_i386.deb f61464b81e672a2d8df49adccdf5c997 360272 libs optional libkrb5-3_1.20.1-2+deb12u4_i386.deb 302e786d72ca30fed40cad22c2e506bb 1915668 debug optional libkrb5-dbg_1.20.1-2+deb12u4_i386.deb 80076d024cc377df00468225ae8c2058 15400 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_i386.deb 30d20c65ad2320e55fd26939fa97f9bd 35956 libs optional libkrb5support0_1.20.1-2+deb12u4_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc5vuvf2HND40bnI+8IREj/cRiTMFAmg7eDgACgkQ8IREj/cR iTP03xAAsSDFnGllW+GayG2RKRpId8+Wm89D3XRDpuYCro0HH5Wlgy2kUjXWGv7L ZPx1HKoL6LfzA/kKvxIZO1Ae/Okls1G0KTtQ636FI5ku0YPy8MX5Qxj88EsJORY/ Shz2OkYTBjAm4D2DpF3ppPMNBiFVi2erUJFO8PFJHaVNcXQKCp9W9z65JKmUKkBu ee2i0AoRgxARZaXyGFI0YN7qaz48CmlNwo3cyLFVHSePMXqOJePzjgxCc12G3jwh GH9JJcBOqscq9J3Xu+OzpK5uTVnBzkJiowEAvGbHrxbt8OfufFC20zoecU7e2vYM WWq60DQ6qpATP+m+ZFFI9xCkqSmHe2CnrAWDHoCK59ImY9Bst0B6TnXQFpW+XhF+ 5+oiM+ie38zyPqvzDyLSw9Ei0ugLJJMt2CNfq+DRoUPgyOunn8TbxDY2x/B/QyVL dV2TmZys2xJN3a9estUn5B3hMvX7NTHP40vfgIAvStIzj8ZJPLVL3mBoU8TqVNz9 1hOSZmJE6O5fmxh9OahBC2JOLSA2DlBI7FVCEv0Caq5/RGvOS6B8MLBVnY30c3pj H9KSnzotuG68aRn2dJX/Y4K8B4jW0IXtfHceS9suQbCpDlOUJcyDoUaxnLnDpXz5 P8VKWh1TGxthIr6OwwoSSdKAuh9F316juHAOtpF/Lc65KcP6VIk= =BKl1 -----END PGP SIGNATURE-----