-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: ppc64el Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: 7f6cc4ab4c0decf4e155035ff6be1c93ac978c95 213276 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 6a8f4555fda1b1280dfe731b1898685537757930 98968 krb5-admin-server_1.20.1-2+deb12u4_ppc64el.deb 67333bb5112f2df863eb88290ee377d98c9e248d 38064 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 3df206bc133843f3cfbb8862e3e71abc0a72ca0b 30188 krb5-gss-samples_1.20.1-2+deb12u4_ppc64el.deb b43e102329488543fd04570397c9e33f5f11fdbf 20880 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 9ff83aec832fe437247603582a5a17b74d66d027 20508 krb5-k5tls_1.20.1-2+deb12u4_ppc64el.deb a1dcdaf069abd8906a91fd958d9e8dbf81f33191 463128 krb5-kdc-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 00f7cac55bec750f7d0ee79ee9c653228ba73c14 193452 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_ppc64el.deb b4f34b9392e9b56fbd3ec479ccaf3eba147eea07 99604 krb5-kdc-ldap_1.20.1-2+deb12u4_ppc64el.deb f57bd46d016fcf3be25edda6b6bf62fc88c289c7 197104 krb5-kdc_1.20.1-2+deb12u4_ppc64el.deb 91c8ae0168e02f68ecbb09a00f8d37aea585242f 44936 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_ppc64el.deb d320ee182340070e1755eb1c966875003e5a70aa 32296 krb5-kpropd_1.20.1-2+deb12u4_ppc64el.deb 2d24aa5b29787cb79a50dd5604b279b4e4d81802 125628 krb5-multidev_1.20.1-2+deb12u4_ppc64el.deb 1dc79ec5896a0b7d180411a3445901f80ba54638 29772 krb5-otp-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 8ddb6d46d635e81f5c8e6c04de17afe9365911a0 23156 krb5-otp_1.20.1-2+deb12u4_ppc64el.deb ec7d377d7c7aec8722dfed7bb229293406c445f1 161024 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 6dce4e451e04c8094997c61cf1e0c9a81d72bac2 63244 krb5-pkinit_1.20.1-2+deb12u4_ppc64el.deb 71ebea262ee01a20c5f2167e0d893a8bbc588125 204340 krb5-user-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 0fe26d1239f630389128441fdd0f360310f7deb1 125924 krb5-user_1.20.1-2+deb12u4_ppc64el.deb 34b9a7e79e1277fc6eec4d824fd1aeb7707d3e8c 16195 krb5_1.20.1-2+deb12u4_ppc64el-buildd.buildinfo ff65b184f3389d5fa22c6fa4d4c66fe4baee610f 149808 libgssapi-krb5-2_1.20.1-2+deb12u4_ppc64el.deb 28e3329e65dfeeb1cae24ef813d53129fe51e443 63876 libgssrpc4_1.20.1-2+deb12u4_ppc64el.deb 6485cceab3f45ddf2936dddc12243286bb4689a8 90428 libk5crypto3_1.20.1-2+deb12u4_ppc64el.deb 611d5819cd81c057455e499b8e56d3e880fc6776 43512 libkadm5clnt-mit12_1.20.1-2+deb12u4_ppc64el.deb 1a0457321bee938f8784b8ff2971228e88c6ec76 58636 libkadm5srv-mit12_1.20.1-2+deb12u4_ppc64el.deb 16cf6d0ad89bb1713d6b352ed6e8f0c5ac7c0163 46672 libkdb5-10_1.20.1-2+deb12u4_ppc64el.deb 0683c8f8a573b98761172b65c46e7bb402f167a2 15900 libkrad-dev_1.20.1-2+deb12u4_ppc64el.deb 6e9693903c655531daa2bbda9253aa3b16432855 26232 libkrad0_1.20.1-2+deb12u4_ppc64el.deb 85c5f34d843633499ca51a1a6ab01a5a19f67550 364592 libkrb5-3_1.20.1-2+deb12u4_ppc64el.deb 2eeb6ea10878b828c469619f88cd20a31aa06665 2208288 libkrb5-dbg_1.20.1-2+deb12u4_ppc64el.deb 78fdda49dfe6c55680cee182139552d4e389c9a7 15436 libkrb5-dev_1.20.1-2+deb12u4_ppc64el.deb ab6feeeab1863c3b1750c31615c4f5d13feebf36 36368 libkrb5support0_1.20.1-2+deb12u4_ppc64el.deb Checksums-Sha256: 10dc21a610a18ff0e1d6275dfdcd38ed318bb19603346f38f63b3345c1e9d266 213276 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 9a22b9c8c204954996fb4ec08e81e63dfbdafe44398df10df9af3814ac5af1c3 98968 krb5-admin-server_1.20.1-2+deb12u4_ppc64el.deb 6c8d67de8f7ae801f98aeea8cd7aa2380c47c70737add2749c8cdfa3ee6c0296 38064 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 30f5b82e8934570592c31fafb9dbe1e3922bc8f8efd0a2d8bd33e922eb824b0f 30188 krb5-gss-samples_1.20.1-2+deb12u4_ppc64el.deb a038d83722252bb0f59b51b178873ed864d1ac08fd7c26686ae54b20f67fbe48 20880 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 2f4ade45d941cc80e40154e717719aef64c5e3c5db82e47d8e3147bdd1be7c46 20508 krb5-k5tls_1.20.1-2+deb12u4_ppc64el.deb dcc2b6511a2b18ae714169ddc7132cb5ef8f5c00cf4ffa3796f7c3c24969f4e9 463128 krb5-kdc-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 7e0e2eac9e6e843657f083a25eae3afa63d160d6e8ca9359a2c67c02a9d2612a 193452 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 50c61762cd8581187498bee01e5441cb635d580f050332aff34e1129c3517816 99604 krb5-kdc-ldap_1.20.1-2+deb12u4_ppc64el.deb dee4335515089d1afed4a8d2f1cd934049a4cf7421279a2e6e4d33299ee4309c 197104 krb5-kdc_1.20.1-2+deb12u4_ppc64el.deb 1f0438b89e847ec5728eba787d7fd9c2f4fbcc50c71629f77e140533c0be91ed 44936 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_ppc64el.deb ac55ff3f52ab02f851ba51a6b266eee5739e5c539e115f8cfda90caeb567199c 32296 krb5-kpropd_1.20.1-2+deb12u4_ppc64el.deb 660e2de29296eac357647e6cbbd276026b72dff71492582ab63aa161aed722d4 125628 krb5-multidev_1.20.1-2+deb12u4_ppc64el.deb e2f16e63dc0a632036a06ec0578df5fbba3b12ee25fa1be030ecc996e6e0c352 29772 krb5-otp-dbgsym_1.20.1-2+deb12u4_ppc64el.deb f18b4be8af12224380cf214cca80877d004e54f2ede78f73a0173408205c78f4 23156 krb5-otp_1.20.1-2+deb12u4_ppc64el.deb 4b09880a2d0087b8dfc39376c04078fec5a20089e167faaadbf4f0b0e8a032b8 161024 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_ppc64el.deb a2c19b493e72ac8f53512c5e97234d67c01ce05fccb1e677a687dd69a6979fec 63244 krb5-pkinit_1.20.1-2+deb12u4_ppc64el.deb 7e86cadd7167e962d1367dc41bd964a9f2e350f148b2d19440be5af8ef13cdf3 204340 krb5-user-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 5e6778032e2fbff477e1e2891a9e05afe25e1879056d914326f777f97f2d965a 125924 krb5-user_1.20.1-2+deb12u4_ppc64el.deb 3b63d948c2c9d5f1e92b26ca0fe86e8f5d62e48266a14e4898e77d4767bf3c82 16195 krb5_1.20.1-2+deb12u4_ppc64el-buildd.buildinfo fd292678fe4431d531b794787092bd98d46d8209719f319bb6f5c70c0045440c 149808 libgssapi-krb5-2_1.20.1-2+deb12u4_ppc64el.deb 872d3f3fdb9453898b07e571d28f902cd37a7db120e4ea206946a4325eaf38a6 63876 libgssrpc4_1.20.1-2+deb12u4_ppc64el.deb 5b23458c6c569fd50c63de7a5d979e0c3bea082013b6c661662d8ba2b02f62f5 90428 libk5crypto3_1.20.1-2+deb12u4_ppc64el.deb 699a05a9724f5c58d98c87384bac2247966c0e47c7a4edb091bcffe5d400009b 43512 libkadm5clnt-mit12_1.20.1-2+deb12u4_ppc64el.deb 890f691ca24190b208c1c25579bbf2b066bd803ad1fa58c36228275779692eed 58636 libkadm5srv-mit12_1.20.1-2+deb12u4_ppc64el.deb 34fde2c326031cc9a8208954afb76f8dc13b47a276bbd58eca3a1ec169397497 46672 libkdb5-10_1.20.1-2+deb12u4_ppc64el.deb 0461e8ce0476a72b11ba3e018e0eb5e3ef118595b7d9d3754b69ee4dd3138674 15900 libkrad-dev_1.20.1-2+deb12u4_ppc64el.deb 21bff3bb5a76e519778dc9362588c4bd46760089257836b9577d0f312dce94c9 26232 libkrad0_1.20.1-2+deb12u4_ppc64el.deb ea694876468f84856c58cd55f80b425a965c750f012f285852ec7972d6bce160 364592 libkrb5-3_1.20.1-2+deb12u4_ppc64el.deb 55eec0590151ab4fe393b1739af1f697f6080a988dacf0040654e408789829d6 2208288 libkrb5-dbg_1.20.1-2+deb12u4_ppc64el.deb 5b745d83a5c2fca1f4aaf204f22fb35db4fdae935fd8b5e31ac879fec2c2db3b 15436 libkrb5-dev_1.20.1-2+deb12u4_ppc64el.deb de95a3eba443b754d63466b78c19ceafb5b60902a2b15935dbeaf6b3240b6c93 36368 libkrb5support0_1.20.1-2+deb12u4_ppc64el.deb Files: a5acd966f255a9b007a53e15c70248ea 213276 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 90ed46e5c37bd3c5904ffdac7ebeb234 98968 net optional krb5-admin-server_1.20.1-2+deb12u4_ppc64el.deb 582b46e7e0bc69a73c50c07e4ed0471d 38064 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 0089d96214c60d80839d4bcbfca7bb66 30188 net optional krb5-gss-samples_1.20.1-2+deb12u4_ppc64el.deb b2c655bd51785f2bfd21c15f3935d821 20880 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 3cfdb53200d280155ecca4cb66dbf7d6 20508 net optional krb5-k5tls_1.20.1-2+deb12u4_ppc64el.deb d78a97b921beb83a49f603f90c45c7ae 463128 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 1956b297ed3b047c932d7b7d6093bb6f 193452 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_ppc64el.deb b4d320e808921e7a3b1b9423b5bfdac7 99604 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_ppc64el.deb 8fa99fea94a8c6a09426aefcc884dc4f 197104 net optional krb5-kdc_1.20.1-2+deb12u4_ppc64el.deb bd3d98c4f87e4bac661e83c31974d2ee 44936 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_ppc64el.deb eff4337cdbca165943a6728fd6be58a3 32296 net optional krb5-kpropd_1.20.1-2+deb12u4_ppc64el.deb b798dfb55d3972a69470de5fed1fb68a 125628 libdevel optional krb5-multidev_1.20.1-2+deb12u4_ppc64el.deb 2322d38a3a3f2a103f575268e6f423c9 29772 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 29f5d7f62ff4fdfb8cb35fef4879bad4 23156 net optional krb5-otp_1.20.1-2+deb12u4_ppc64el.deb 5fc1fbfaef55b505373873b5235d2db1 161024 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_ppc64el.deb 283521305f2805f252ad9a05a4949ced 63244 net optional krb5-pkinit_1.20.1-2+deb12u4_ppc64el.deb 2dc804f1ec9bd86a7fd8f8453ecbbfe7 204340 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_ppc64el.deb d967f3f1de88aaaf319759b3fee4f296 125924 net optional krb5-user_1.20.1-2+deb12u4_ppc64el.deb c5a42236f1347f2f45d2ae3f5c4765db 16195 net optional krb5_1.20.1-2+deb12u4_ppc64el-buildd.buildinfo 1a422320d30575d8756c7bb795c40a4a 149808 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_ppc64el.deb c399c6f49ab98c30838c25930b0d66e7 63876 libs optional libgssrpc4_1.20.1-2+deb12u4_ppc64el.deb 5910d5cb3e1bb9974a4a981e82a5e763 90428 libs optional libk5crypto3_1.20.1-2+deb12u4_ppc64el.deb e0d3aa4f86ddf1d2c7153f3127eadf8f 43512 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_ppc64el.deb 8749268d8c696455a286477945c54f6d 58636 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_ppc64el.deb f071c21c833fb142f7c976fcce53dda8 46672 libs optional libkdb5-10_1.20.1-2+deb12u4_ppc64el.deb ee136fdf2ba319210036a45a7678a522 15900 libdevel optional libkrad-dev_1.20.1-2+deb12u4_ppc64el.deb 72ce696a33a46f366cdcaca017686fca 26232 libs optional libkrad0_1.20.1-2+deb12u4_ppc64el.deb 9292ccc99b424ec65e69cc419794971a 364592 libs optional libkrb5-3_1.20.1-2+deb12u4_ppc64el.deb a16c4384e03171498e150ed03c5717d4 2208288 debug optional libkrb5-dbg_1.20.1-2+deb12u4_ppc64el.deb e7841db7188e9d0c2a6fe6cf853ab8c7 15436 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_ppc64el.deb 9eda85b6625260ac8aa06d415e978ca5 36368 libs optional libkrb5support0_1.20.1-2+deb12u4_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYo4fOZBRi9qmvTxH1PowSTJ8+YQFAmg7eEAACgkQ1PowSTJ8 +YSuuA/+P3i0SZHMezgNASCel6UAETmVaVFjqWcxSoWg2MpC6qHV9l06s5cl1vam r8QjlznCOT+MEwCdCQsPWR0xgT6XTrVbfJqrcw9UQAPXzcWBx8NsAC6VLBGL8OCT LawQqVAKMi2d30aOQsHckeIBIfZmKmhHQRKIhxkb9lKYY3x75VsPDeJ2AVpV5mlf GXvceAa9sKlt6aJwPg0Jjfv/e4KYCtCMkE6hsaKib8ELkfJMZ9C3OlctAS07lzKZ lyMO3hwI8o2LeBdtSaiI74T6ht6gNd0SNlo3MQEigBgB7OZbNRt+e+sqaqdYPhj4 D5P+kr3fsKQxVfdwSJ0RH20OXh3jUOxji7Zlcqn3+GNjWAYftvJEUTc0fGJcZD/7 B68y5Wk93kHr9vRjPPlzIAb6dh+nYcBZN8NybG0W3gvLo/hoZh7aoEP+ZcZhwr0/ dNU3IYuCgYNzyNWzBzciF9Tc9GwW9ROz/x/tCyAfXhiSb9YXBycUis8oqhb+C0Ec 43gTqjkQhTR9I5klhnH5vXda/yqpTPn/pf+Kni11VLPw57RzgD/eTx22Xdxyxmps mn1FHbuftKZIU7I2wI7h08ihe5A7iK6LKH2YbEZ7ZtT2IlDt8Gef/LODJ5WHfxbK CIvrA3YrPncdPxycqf1Yb4nNU5JCyD9aU7z71oVoeubHrlS1Mww= =gpa3 -----END PGP SIGNATURE-----