-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: arm64 Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: 6c23fdeb7195310f547f60c62bb7474713eaae88 210996 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_arm64.deb 2acd9c2a97c582924bef4aec89c0e0d4359e046d 89600 krb5-admin-server_1.20.1-2+deb12u4_arm64.deb 34350a474bf1a58ab3188ff788fc32bb282ef75b 39364 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_arm64.deb fc6047e6f126b3aa9e110878b9d46af01ba388e6 28080 krb5-gss-samples_1.20.1-2+deb12u4_arm64.deb 1195b20b0b4b6e41f7a91b7541a5daa3da83dc03 20164 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_arm64.deb 1327ad9c3d8204632a5ff11ad1680bd8936bbb2d 19672 krb5-k5tls_1.20.1-2+deb12u4_arm64.deb 04e0108f3c00a48deb54c840efd2bb8bf01909f5 446984 krb5-kdc-dbgsym_1.20.1-2+deb12u4_arm64.deb ccc69a6675572ca4f53cfb9e081f26aa10422de1 191288 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_arm64.deb 17c7d0cb208e01b68e091c5b809e0ba9ce54524d 85552 krb5-kdc-ldap_1.20.1-2+deb12u4_arm64.deb 69ccbbf96170d9d90c1e4b9c6d73595b9d62a520 172428 krb5-kdc_1.20.1-2+deb12u4_arm64.deb d1099e0f3a6b7af6c1fdbc47303f014e11b7f0c0 43936 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_arm64.deb e2383f5b9550aaed18b9a1072eaf0c2c6fca2dab 31152 krb5-kpropd_1.20.1-2+deb12u4_arm64.deb f7f04b83e6075c4e42c3e57ae81ebc4f89cc8b2b 125604 krb5-multidev_1.20.1-2+deb12u4_arm64.deb 2c4a5124882163dfd157994d138f8a17da670c38 29076 krb5-otp-dbgsym_1.20.1-2+deb12u4_arm64.deb d5be5de1d79dbd19e3a7e57e3f6514742234ea08 21664 krb5-otp_1.20.1-2+deb12u4_arm64.deb 0fdb4366cd63c1aa3e74a277aefc7921ef8c27c3 156020 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_arm64.deb ed02249dabadc56ec3ca45817a2c512c418cdd92 54268 krb5-pkinit_1.20.1-2+deb12u4_arm64.deb 3b0a27ab25deb23af074a538b4cd6fd0e011bdfe 202364 krb5-user-dbgsym_1.20.1-2+deb12u4_arm64.deb d54b83518e55f6fee2e86064aa0c525c28b90ba0 116164 krb5-user_1.20.1-2+deb12u4_arm64.deb 2fc0c5db9ba11e5d80a8b3d28bc94d0302531cc2 16008 krb5_1.20.1-2+deb12u4_arm64-buildd.buildinfo 0eb45ae141c82113f690cb9136ebb785b77f0114 124204 libgssapi-krb5-2_1.20.1-2+deb12u4_arm64.deb b03bcbd84bbb7b980c49ab55aac200f7b3ac74a2 55952 libgssrpc4_1.20.1-2+deb12u4_arm64.deb 1134e1ab5f2d8787ab862a0fa7a4b9ff9f451dcd 80248 libk5crypto3_1.20.1-2+deb12u4_arm64.deb 6bb48e32a08d9d81f961b795fea47db984e9029e 40068 libkadm5clnt-mit12_1.20.1-2+deb12u4_arm64.deb 1673eae2cfe76a57adc0389e41e3bd9d8d68b577 51808 libkadm5srv-mit12_1.20.1-2+deb12u4_arm64.deb d059a7a5064eb81718c9e13d7acff096724d346b 40268 libkdb5-10_1.20.1-2+deb12u4_arm64.deb a49d0ea76dd37006c8c989ed6eb52fe8d472f380 15888 libkrad-dev_1.20.1-2+deb12u4_arm64.deb 5d0bf76eb8ada73d51164a8bc42b1753624a7588 24448 libkrad0_1.20.1-2+deb12u4_arm64.deb 97cbadfb457635afd784f99d38f988e2c00445d2 313652 libkrb5-3_1.20.1-2+deb12u4_arm64.deb c59bf9d0cb2378407378a5d5bea39ce6efbe0d41 2135872 libkrb5-dbg_1.20.1-2+deb12u4_arm64.deb 5383038d1ebea1ac99b584a624a0852620dbbed2 15420 libkrb5-dev_1.20.1-2+deb12u4_arm64.deb bd7f51a139080eedf8c8328cfea18d04a8e0f566 32492 libkrb5support0_1.20.1-2+deb12u4_arm64.deb Checksums-Sha256: 0fadc61e077d3e06f8ad021a44fd88c01812e129dc211906110673957b143156 210996 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_arm64.deb aa6b47cbd69610a675e7e003aa6f8f81d44c3266349d69aa2258fbc6b1f8b35c 89600 krb5-admin-server_1.20.1-2+deb12u4_arm64.deb af5367beb4d690cc4ca98a55f2f3fa63f494bca05ecee5096afb89f38a34f061 39364 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_arm64.deb 0cf718d517aca6529790b79923e01fc237233fe233bb6e5b6716bc07c149e431 28080 krb5-gss-samples_1.20.1-2+deb12u4_arm64.deb 82bf32a64bcaf0d01a2404159442398b7410b1e1df3f7f8ff0a92ea7fd15c8ba 20164 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_arm64.deb 4e16a552b7224d94873302bddbcdb47ad9d84e6ea228e96e3384eb9f334dad1c 19672 krb5-k5tls_1.20.1-2+deb12u4_arm64.deb 691b3ce41b0e1f9e015be299705c84ce8ff72258c32604bb6e595539f92fb272 446984 krb5-kdc-dbgsym_1.20.1-2+deb12u4_arm64.deb fc2fafe9d4bd9698c94901a1da847e8f578924c0f04ea135f25dc9f7fa0d5ea0 191288 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_arm64.deb 4361167868c73003d2fd8994ef2169afcc07867c8e189bf148f62bf9e54b7b94 85552 krb5-kdc-ldap_1.20.1-2+deb12u4_arm64.deb b5a436790a0cfedd9c1b429e7da7898edf60f3d88287bc7f1c0a35314746741e 172428 krb5-kdc_1.20.1-2+deb12u4_arm64.deb ab469eda9ec81f0b64f29ff682ff135a434a6ba44cf67abfc59e8e51928c9597 43936 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_arm64.deb d0eb8b68b50fce4bc18164607278af56d49bd2bd2ac0cdb66ec30164251ac12a 31152 krb5-kpropd_1.20.1-2+deb12u4_arm64.deb bc5472e1df5bc8deb2c54281f641150db73db56b236142607f332681caeaec7e 125604 krb5-multidev_1.20.1-2+deb12u4_arm64.deb f4bbd2ed33c75c7d280d79a07864dedcdf6205f2e4f04ebe40781d582f9ae856 29076 krb5-otp-dbgsym_1.20.1-2+deb12u4_arm64.deb 6f67dd2613eb0820e42fbeda04a3bb63792eaccb016ff4307abbb6d70922d633 21664 krb5-otp_1.20.1-2+deb12u4_arm64.deb 01b59ec2672eed2d2524aade41cef213d09d9fd3c77dd7a3ddf8f028590a1089 156020 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_arm64.deb f608c975da981ab6d4c3d621688a00af1073738312af7bfb78b3e7d27fbb6ea7 54268 krb5-pkinit_1.20.1-2+deb12u4_arm64.deb c3706472e78dac4d90f7c5f6febddc7d80032cd41e9315efeca1e56072769fa3 202364 krb5-user-dbgsym_1.20.1-2+deb12u4_arm64.deb c8bfd9cd1a5a45c8854cfec46a26d2d9afe5a5010e5cba3e990aaf4c30a6ea6c 116164 krb5-user_1.20.1-2+deb12u4_arm64.deb c9a3e7bcf84b7ea1cbbb0c9581cfc2e21296da95b4b7d25ab39e1a76d15dd3ee 16008 krb5_1.20.1-2+deb12u4_arm64-buildd.buildinfo 5dd7242e08da4b8e190b8c4bbad2a0f7b26d718bf98c332233362aface6fd44d 124204 libgssapi-krb5-2_1.20.1-2+deb12u4_arm64.deb 51dc544d7a27b75c994db739b70a4c1d790b24528a1933bd4de95c70d58c08ad 55952 libgssrpc4_1.20.1-2+deb12u4_arm64.deb e72fc6077826bcc070e56c11491f6032010269f1af0135ccb918bf90471add6b 80248 libk5crypto3_1.20.1-2+deb12u4_arm64.deb 7c1b144ddb307a37f88e39fa28f94444b0759d0a3faa815a0cca7dd36be506e1 40068 libkadm5clnt-mit12_1.20.1-2+deb12u4_arm64.deb d78b723af7becf2b1f7ffb0655ef887e29763621d9f4703e6f6793bd20415961 51808 libkadm5srv-mit12_1.20.1-2+deb12u4_arm64.deb 75718bbd1d7a02f3e43e4fcc3ade1ab9a8eeda0f22f19fcc1332a2340ef40fc7 40268 libkdb5-10_1.20.1-2+deb12u4_arm64.deb 6281ece59a47d90fc1f043ed62e8914d49750095254dbbccc407db3fec8dfa44 15888 libkrad-dev_1.20.1-2+deb12u4_arm64.deb 7f26d4a11db974b572e81b3676a8fb3bcc5a6570dd7c80ade517caeb5c807dc9 24448 libkrad0_1.20.1-2+deb12u4_arm64.deb 70599ea93ff9dacf0621f776faa4ae142b6cc0420f50dad7cf6bd2c1bcdad71b 313652 libkrb5-3_1.20.1-2+deb12u4_arm64.deb ce72f86825fce9fd9f70a0c98879d2981715df12da5d9604b6002529f08ad8bb 2135872 libkrb5-dbg_1.20.1-2+deb12u4_arm64.deb 5d49e46e93962f9bda845b9e13a917d4959c401c364feafc89f98582e8eb96d6 15420 libkrb5-dev_1.20.1-2+deb12u4_arm64.deb e201269c7fa36cc22a4edb680bc093a155a32fbef23ef2d65fef20907cee4ff7 32492 libkrb5support0_1.20.1-2+deb12u4_arm64.deb Files: 1d0ecf7ed57894dbf08edf90385610df 210996 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_arm64.deb 474c92d32642eb647436bff82e9e3395 89600 net optional krb5-admin-server_1.20.1-2+deb12u4_arm64.deb 648451fc1feda4596da60a26d6917404 39364 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_arm64.deb f6a0dc66573430954d2656f6e5e08371 28080 net optional krb5-gss-samples_1.20.1-2+deb12u4_arm64.deb 83d8c05e8c3d0f5b66021b4cb1d7f39c 20164 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_arm64.deb fd69a723f41e942696185db8b78f80aa 19672 net optional krb5-k5tls_1.20.1-2+deb12u4_arm64.deb 3d43aef626dd310b4c2c3c33b99a15e3 446984 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_arm64.deb adaad22311bf3c59e261ce7c1d6686b2 191288 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_arm64.deb 76c0914e0e7979a421055b5f91656938 85552 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_arm64.deb 7fb0711009fbdf5fdfd9b48594140762 172428 net optional krb5-kdc_1.20.1-2+deb12u4_arm64.deb 4e17848ef087d2f9c4d00fabedb63a54 43936 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_arm64.deb 72f8168af14b3c579913231da620e9d8 31152 net optional krb5-kpropd_1.20.1-2+deb12u4_arm64.deb 660304acf25d1738a40ee4d2c73c15c1 125604 libdevel optional krb5-multidev_1.20.1-2+deb12u4_arm64.deb c4e4a5d028923b47e773a6a5a2d412bb 29076 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_arm64.deb 69b12f447b59a3e842fa30a2f669d638 21664 net optional krb5-otp_1.20.1-2+deb12u4_arm64.deb 241b1171787285a8cb76323ec4ccb392 156020 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_arm64.deb eb70326b596187d8c877755f565d1269 54268 net optional krb5-pkinit_1.20.1-2+deb12u4_arm64.deb f883d6ecef8652fdf4e673fb0a8020f9 202364 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_arm64.deb 09e0e48946f5b075d0b1a0e27c837bb2 116164 net optional krb5-user_1.20.1-2+deb12u4_arm64.deb 1b5322a2c4995786710a9b49c08de2f9 16008 net optional krb5_1.20.1-2+deb12u4_arm64-buildd.buildinfo f1cf2ec1a824b6a5f3475ef83182f8d7 124204 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_arm64.deb f7f1e8afd834685100338f73b0244ae7 55952 libs optional libgssrpc4_1.20.1-2+deb12u4_arm64.deb 4e1024c561e8366d8e4ea132474f531e 80248 libs optional libk5crypto3_1.20.1-2+deb12u4_arm64.deb 32b98c4ce75ee47021d4c47e0f56cb57 40068 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_arm64.deb 9f3535e65d5cf51cb0d42f5b4614bce9 51808 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_arm64.deb c079d2255325a870a0f3f3d6d89e5bb1 40268 libs optional libkdb5-10_1.20.1-2+deb12u4_arm64.deb 08d6af012ae7ad6bc27a8f81bfc99d0d 15888 libdevel optional libkrad-dev_1.20.1-2+deb12u4_arm64.deb 0e5ca26e529f55a7e170a17c23a7f027 24448 libs optional libkrad0_1.20.1-2+deb12u4_arm64.deb d2312e517499298c2eb59123f74f1965 313652 libs optional libkrb5-3_1.20.1-2+deb12u4_arm64.deb ef7d39ba873cfcc4f6cb83ca079657ad 2135872 debug optional libkrb5-dbg_1.20.1-2+deb12u4_arm64.deb bfa980695b554b98a16da332659a4822 15420 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_arm64.deb de40bd533df81ea54fe748535a81a6d8 32492 libs optional libkrb5support0_1.20.1-2+deb12u4_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmg7eJ8ACgkQlST9Us03 ywsOVBAAynXXxXs+G/7hE/wlKBAwZskLRudrJ6tZpmRifOwB6fHjo4FJyc8C22Oy lcGAv0MUkQzv3bgQ1ek60vDBU7lOkwY/XLlZVIJX+Jd+/FCnzNaeIi9rGiBi5lJz gB6sh9ucazBACTiAG36v7cxVAUsRohQ6obVdwY4NTfXRdcwactrmcI2JWekgPqWH ZaastBRP2Jm1zcxGM9vi7qo47ovF1s4jZ6utqnVC93lNBnmw7J2jEwyiMgQ1kjmd VvwXj6SU8xq/bgCdghFnAxgQZUNrLG6HV1G6Y5qjRg/Aayoh1FneBKRcVZLMMWed rQEeIpyc+RWwr0wRC7PW86ZnrYbQqIsU7K1Hl8v1TB0LKs98PO/235GAx1TlVrZD HncL3B8hWHsZC3r1BQ7S+Awm5figNBe1+V9uMxMA+izkyHAFZxparCCjeO8bOZ8k FR4bZ3+j2aUvR6vP00TgPy79jjkCW0i57Gm/nNwU0+Y1OPdftojTqLu4o4r2Ib2J CpvtubDJ3hfJG/nYNS86Kl7gqFE7AZ9zSELgQaj9ZpNU8KZQB9PqnBSYmkxZydHe V1fvuJnb1wqJb30Ifj71kBS7BrXmhU+o3oUNthSrPpftogTC6e8T/LG+4Q4b87AQ PIX9YcsEeCVligMIA5jfOGVUybgppK5J1SVzDDZ1k+IiihsN2nI= =KdqC -----END PGP SIGNATURE-----