-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: s390x Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: s390x Build Daemon (zandonai) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: b9f8f0a9e5564d05c2a5dd434894e4fab0d25324 204416 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_s390x.deb 4e50c669691aa8153d65389ce8f98eae6ac723bc 88428 krb5-admin-server_1.20.1-2+deb12u4_s390x.deb dceff2ac49d749f3b78a1336d2d2e4db0e7c0063 36256 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_s390x.deb c2ef0530467529f7e627b4a3e667594256a93182 27720 krb5-gss-samples_1.20.1-2+deb12u4_s390x.deb 34e380dea450c1bac2dbf0852b8511ab66796ef8 19484 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_s390x.deb 8d230da395918e98e8920dba0bffc577be87b5ee 19024 krb5-k5tls_1.20.1-2+deb12u4_s390x.deb f69aa48a1d1163ac1ab78a5a06731c4c6d445030 443484 krb5-kdc-dbgsym_1.20.1-2+deb12u4_s390x.deb 459abb9512c35336d76deb78d493a012499671df 184344 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_s390x.deb e40f2052b76a31ffea6acdbe9bf3e0ad5d1e53a1 82780 krb5-kdc-ldap_1.20.1-2+deb12u4_s390x.deb f49b015d1efd8ef6a3c5f670a96ae1b93603ad26 170840 krb5-kdc_1.20.1-2+deb12u4_s390x.deb cb8a3dd133c7aee92a6a570abdb4b940a3158180 42464 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_s390x.deb 375b826672a18f11af1abd4d219439a6e6964f2b 30956 krb5-kpropd_1.20.1-2+deb12u4_s390x.deb c8c94efdfae4db38e773b5bb92674b505944ee97 125600 krb5-multidev_1.20.1-2+deb12u4_s390x.deb 051b5ddb750febbb48aef2e0bf03b56842538344 28860 krb5-otp-dbgsym_1.20.1-2+deb12u4_s390x.deb 2d55f40ef740ab41e0b6633f5337735f925a2809 21524 krb5-otp_1.20.1-2+deb12u4_s390x.deb 5505fa4b55da52f844e7e393a71126b9a228132b 154316 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_s390x.deb 63d9f016c2b831863388d9bd462d48a90fc6d9fb 54300 krb5-pkinit_1.20.1-2+deb12u4_s390x.deb 102e4993e2cca027c926e9d679a75b5a36103740 193180 krb5-user-dbgsym_1.20.1-2+deb12u4_s390x.deb 0be9e5bd66b9fcdff65e048495a05442348f74d4 114060 krb5-user_1.20.1-2+deb12u4_s390x.deb 8400f3b1cfa8b4b1212393d11ca264b47fd36421 15880 krb5_1.20.1-2+deb12u4_s390x-buildd.buildinfo b29e09069eb95105aa3a0247c2cfd194ac8822ed 122324 libgssapi-krb5-2_1.20.1-2+deb12u4_s390x.deb 575e9fdb2d1be93631e85a0dd6e1275d9a991cff 54988 libgssrpc4_1.20.1-2+deb12u4_s390x.deb 59090d380ccc34bfb60276c90832d6925a58b7f7 77264 libk5crypto3_1.20.1-2+deb12u4_s390x.deb ed1ce00d5c9d2a8a3bccd8b412faf461c337f27b 38848 libkadm5clnt-mit12_1.20.1-2+deb12u4_s390x.deb 8013eab1116a11c8521734fc0d5a3d7bddfaa7ff 50484 libkadm5srv-mit12_1.20.1-2+deb12u4_s390x.deb 801e6a1220ff3eeb5a176ca0800c857963f0f04e 39648 libkdb5-10_1.20.1-2+deb12u4_s390x.deb 79cb5ea1d1b957ab7dba62899025977912d281a8 15900 libkrad-dev_1.20.1-2+deb12u4_s390x.deb 828175e010c57e3f8008542e60291f3774618857 24164 libkrad0_1.20.1-2+deb12u4_s390x.deb 9da765e98acfabfed0810f8afa473a52db5872f8 310968 libkrb5-3_1.20.1-2+deb12u4_s390x.deb 2f1b7ca6edf62a34289430297f4219ddb853e02b 2129696 libkrb5-dbg_1.20.1-2+deb12u4_s390x.deb 386e571f2223dd9534c62bd1ced9c12b3cecd818 15412 libkrb5-dev_1.20.1-2+deb12u4_s390x.deb 1e10cfecdf86662f4764f322736b9cda92dbae4c 32240 libkrb5support0_1.20.1-2+deb12u4_s390x.deb Checksums-Sha256: 545783a969dbb14387435ec3a05c76275a6aff3aedc14005264cbb573cb15c1f 204416 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_s390x.deb 30951f858304c4a37dc8e3ae804f7db7151e9dde8c9b6b88037c381498d8dd1d 88428 krb5-admin-server_1.20.1-2+deb12u4_s390x.deb 6d359e1144cae235cf9a022180aa32667ce75b4ed57cf6c479a8d4a5f28e18d4 36256 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_s390x.deb 3b74ba1af993e7205e92d924b444b3d49b3c21525bec34f69b697b19b9950f7b 27720 krb5-gss-samples_1.20.1-2+deb12u4_s390x.deb 754788352cff02bf224643d81fedf342ff6120bf41abd955529771e56549962d 19484 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_s390x.deb afe5efa194fe80dd95afbf771312dad763f581f05d972c4694ddf9b5f956b497 19024 krb5-k5tls_1.20.1-2+deb12u4_s390x.deb 4a371dfa17149cf1c269e27bf8420a13bdbdfb22664bfb15086ec725992a9c4c 443484 krb5-kdc-dbgsym_1.20.1-2+deb12u4_s390x.deb 021052e8c3aa1fa4cf9df1ff52829980f0c8ca4e46bf2d9856b757fd33796263 184344 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_s390x.deb 2efeebb2381138e47738fb9df0b408e0c9daf707b646a0c3f763979ec7386b8a 82780 krb5-kdc-ldap_1.20.1-2+deb12u4_s390x.deb 7c2d75eb95e4d2aac8985798993205ec7e5503cb2b8c9e73c0983bd36bea0f71 170840 krb5-kdc_1.20.1-2+deb12u4_s390x.deb 5f641d3e8592e53a2f341632b9d07ffb156b76bc789ef87fa958812e32f6bb30 42464 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_s390x.deb 4a40f0669816522368b79427a575d74f1103a706356bdbe35d13c664c7c9da47 30956 krb5-kpropd_1.20.1-2+deb12u4_s390x.deb 246e6712c93dd23040e3f5565c77d0c15451e0a2df1309f2ea64fd384f3882eb 125600 krb5-multidev_1.20.1-2+deb12u4_s390x.deb 2775f17b954fe9ae434273bb56706a2b1faf435f955f96b89bff81ed4717c403 28860 krb5-otp-dbgsym_1.20.1-2+deb12u4_s390x.deb 9c0394fed6b316087e883e21560ad987c7df23660979f3c03d7d1fe780a5c066 21524 krb5-otp_1.20.1-2+deb12u4_s390x.deb bdb07ad44cc6f60392abd7a82a2f746b01d6cfd7a3fb5d1ccc6c6859572b7acd 154316 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_s390x.deb f8613a4e4e82002c49e84a8a2e37a4ba2a1cfe7415df09a535ca6c3d5e7ee0d0 54300 krb5-pkinit_1.20.1-2+deb12u4_s390x.deb 0f96ee26db20051ffe28e4267dd6c49910489ba75be3829107c29a0dae665303 193180 krb5-user-dbgsym_1.20.1-2+deb12u4_s390x.deb 11c61041322fa0918137a00a2e35b00e7edce5e6017a383f9777fd23d3b56146 114060 krb5-user_1.20.1-2+deb12u4_s390x.deb aec33fb3cccbbbf203c70bca1aebea17e6626eb231c49ee4430ebe2bb270adfa 15880 krb5_1.20.1-2+deb12u4_s390x-buildd.buildinfo 938970c1538ed5c3fd3f75898964837a6c4fd833db981c517ebfbf5885c69d9d 122324 libgssapi-krb5-2_1.20.1-2+deb12u4_s390x.deb b33963dda1bbc3d400c383a6d2b0b86d39bb515155179c8711d1cf883cea8226 54988 libgssrpc4_1.20.1-2+deb12u4_s390x.deb db3d70f97b4998addadb3e7ef17a3ec71341d7e375d855617107e12f06734241 77264 libk5crypto3_1.20.1-2+deb12u4_s390x.deb 24852996b983d4dcdaef39d220d780251d5491ca3c1d0fdf14e01b6393c3bcc7 38848 libkadm5clnt-mit12_1.20.1-2+deb12u4_s390x.deb 7dbcbc7038b8fb75c377dcdf30a9df8065d2d8ee18099fce2dda44130b625a73 50484 libkadm5srv-mit12_1.20.1-2+deb12u4_s390x.deb b7e8278f08bba1b2df6d74f36a61c2e2a05d3248ac640055e31c4c85dbc51199 39648 libkdb5-10_1.20.1-2+deb12u4_s390x.deb 578551cba3b03947ade309cb769d8d4ce127604ec5f1052d3e138d2acb4fe98f 15900 libkrad-dev_1.20.1-2+deb12u4_s390x.deb 6b3c1bf41b2eb6c920397aedadfa126bdcc2a8d2764803ee45d807c00f14a262 24164 libkrad0_1.20.1-2+deb12u4_s390x.deb b1954c83d7302ea065db5bb65aa1caf86f9efdf947d62e2a19f57db8f7914a1e 310968 libkrb5-3_1.20.1-2+deb12u4_s390x.deb 67284c56ff1e0e1aa7beecf7d40ad2d6574bde925766beacc6d81157d24b5acd 2129696 libkrb5-dbg_1.20.1-2+deb12u4_s390x.deb 4fde733d142bb0cae15876a15f6675a7ca0379a00cb78dfe813bfa56872c0178 15412 libkrb5-dev_1.20.1-2+deb12u4_s390x.deb af43591cf2b0c1d748b977ed478ffcaf5547f343ef49242ab9f5444c8dcabb9a 32240 libkrb5support0_1.20.1-2+deb12u4_s390x.deb Files: 710e673a0e564dd13b271d243aa9e80e 204416 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_s390x.deb 320846e68baa821cb0a72b13c24a926c 88428 net optional krb5-admin-server_1.20.1-2+deb12u4_s390x.deb a004d263f4b01533fa7fd5576c39bef9 36256 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_s390x.deb 4950025bd51b4399204813f1b4bf9ba9 27720 net optional krb5-gss-samples_1.20.1-2+deb12u4_s390x.deb c9232dbe8084c6e7e40b3c13fd5f4b18 19484 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_s390x.deb 427f1d1530751bb61f260f9eba1dead7 19024 net optional krb5-k5tls_1.20.1-2+deb12u4_s390x.deb d253b5e7553f4cedafe15ea283daf46c 443484 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_s390x.deb fde45f07d47a64622aaddebdeb79139c 184344 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_s390x.deb 17f43dbfc03bc337cc0731fd6bf78baf 82780 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_s390x.deb ef1db58b13697ae22855ba63e09d7066 170840 net optional krb5-kdc_1.20.1-2+deb12u4_s390x.deb b8e183a7fe78f2e70b646a5889314ecd 42464 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_s390x.deb dd755d89f906c29fe064a6242be6ee88 30956 net optional krb5-kpropd_1.20.1-2+deb12u4_s390x.deb f3cef281785f4498a1c508a7577b6f25 125600 libdevel optional krb5-multidev_1.20.1-2+deb12u4_s390x.deb c863b99786e9074f2b67340fa6aefed8 28860 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_s390x.deb 5fa31ddcda5119fb3007a29610b34315 21524 net optional krb5-otp_1.20.1-2+deb12u4_s390x.deb bca37a756116adaa03fdb4a45aadcf80 154316 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_s390x.deb 8d6a0483df4efa9c19211c2e58798455 54300 net optional krb5-pkinit_1.20.1-2+deb12u4_s390x.deb 800145cf8a9e8ee72519f1bf0e35d06b 193180 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_s390x.deb e20b8d6e4905ca50d159485604a7237f 114060 net optional krb5-user_1.20.1-2+deb12u4_s390x.deb 853e562fbe94abcdcbca1d47aeaed7fe 15880 net optional krb5_1.20.1-2+deb12u4_s390x-buildd.buildinfo 21908f74926b8215c5e90d6944f39448 122324 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_s390x.deb 40c3fb1ed9fe8eafb4e8f37eddcc77f8 54988 libs optional libgssrpc4_1.20.1-2+deb12u4_s390x.deb 9995333bdfbe5b0a663790e2ac017e5b 77264 libs optional libk5crypto3_1.20.1-2+deb12u4_s390x.deb c7319f8770121145c8bfc89ca356f133 38848 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_s390x.deb c784b481a0568155f9f0f6b37d97df17 50484 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_s390x.deb a38f0440e70f1867322d14024757b921 39648 libs optional libkdb5-10_1.20.1-2+deb12u4_s390x.deb 56c9fa09deb989f12b915112e8d800df 15900 libdevel optional libkrad-dev_1.20.1-2+deb12u4_s390x.deb daabe7bc95a4e935e4d9ee15f182b75d 24164 libs optional libkrad0_1.20.1-2+deb12u4_s390x.deb b2589a8a2e9d88843b20db57ebde2265 310968 libs optional libkrb5-3_1.20.1-2+deb12u4_s390x.deb e21ac33fb1b0dadf365a09c15d285939 2129696 debug optional libkrb5-dbg_1.20.1-2+deb12u4_s390x.deb 76cc244e3fe6030d101e483481a277a0 15412 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_s390x.deb e6234d65fa42d3ce1f574fc6eb1d7e7c 32240 libs optional libkrb5support0_1.20.1-2+deb12u4_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu0D/YpnnSxv8epH9AKOyQzsWVasFAmg7ghIACgkQAKOyQzsW VauZkA/+Khdl3lWZv7zBBli1JAkDAMp0V+aJ5eA+pBdWq5wvci0hxUMKTYMAnN/0 BWD9uv2ayVOPH/r6hnz0iPUf8hYgd9KR8XFimHwBDzJvDjtZ12ELtVWKhTJXLWCd Oq6Yw3fwkr+OJSYgPaBmflpkP8WQjzh3GMDpy6wemZIF+RWRsLXo9WLlbC2i8rjI bxHe/aqK7oau//fsPukN9LO6IFp6Ia8FQ2F+sLB5DcaXYKYwjAx+bqXiujUWanfd eOxixt2+djSpfhVh+YByOzCGNbyo3ddDN0Eejyw1FQY1jyGO7rSnUnR772u41hSI FT/T3R2MdtHwHuYj1fxWUc1aP1vxXjl3lUZtULZ0dQOxgYjhUrg4SDgFWww5n3Jo iZ/PjHDzeBrtgSslzxr3PLWbAM992HWkCDKA8bgzpjHwZOSI+ksJfQtNgbQlwUff 9L1FO9aJKThrw3h864orVU24GU1cYG0W3GBRsppvkRw6K/wJmd0K/LJcyLFL0Hid etLNqaWoeqIJofk5q2rfH3uCeqU3pYF9cazytCZ0YNgHOcr4kn5zmqD6ip1R0325 +idHNGDM8byf2tPZd43nrsFKe+bnDUltbqlB5cLsifducjl5SK9Q6qxsHixQvS/U gkQGxEC3cePLp+4Mebam7WjpfZbvQnZ9tNkc3TKLB9fMRz2rCtw= =oInk -----END PGP SIGNATURE-----