-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: armel Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: 9ec75ed31e70bace5c367f6b3ac48e2dd7eeb716 204916 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_armel.deb 8972b5154fbc2fef24a44a62706414899d947f52 83836 krb5-admin-server_1.20.1-2+deb12u4_armel.deb 4a005264ab9fe7e73119e53d2f073c246240d30a 37736 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_armel.deb 8a68c914f1d874b40571c224b77df56af2c8aec6 28568 krb5-gss-samples_1.20.1-2+deb12u4_armel.deb 3ef35bbb1cc8c71622dddf2909279dc75f7733ad 20156 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_armel.deb 8dd4404328d098772713900609757d9c41b802f2 18600 krb5-k5tls_1.20.1-2+deb12u4_armel.deb cab6561f8de0484b8f6446aafeddb78a9d7b587e 449220 krb5-kdc-dbgsym_1.20.1-2+deb12u4_armel.deb d263379fb3827edf3f630068bfc8cc18288529b3 188200 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_armel.deb 37368dfc03f3710b137cc6053bee04afd47b80e8 80040 krb5-kdc-ldap_1.20.1-2+deb12u4_armel.deb 62d6f3645a5c7ea4a41026252d4672cea7898905 160316 krb5-kdc_1.20.1-2+deb12u4_armel.deb 77fcd0890695029ccd294589b8a94c48cbf40f4f 45092 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_armel.deb 9612bebf5b80215d0fc8936ec53184b891070b60 31128 krb5-kpropd_1.20.1-2+deb12u4_armel.deb d2e3bbd8d4d0d5d28cd9e9459c3bf7b4c85d2e14 125600 krb5-multidev_1.20.1-2+deb12u4_armel.deb 95889e9ce5f102d221eee5d4124fe536362dd8bb 29064 krb5-otp-dbgsym_1.20.1-2+deb12u4_armel.deb 1946eb7d859c12563301d1595e5cd6fae3f70d53 20668 krb5-otp_1.20.1-2+deb12u4_armel.deb d0bc39eaa76f834d785b4ac7bad0122eac88fa26 149492 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_armel.deb 43e6f6bf70e9c4c6a33bf4efc810d7c642dc6670 48932 krb5-pkinit_1.20.1-2+deb12u4_armel.deb 8fa9ed532f426365ff718d5fbdbe9b5e50c1d902 195512 krb5-user-dbgsym_1.20.1-2+deb12u4_armel.deb 7a5256a678be0538da84e093912f0e7dafd75ca3 111236 krb5-user_1.20.1-2+deb12u4_armel.deb 663fd9eac2705c464718595523e216647834fe50 15850 krb5_1.20.1-2+deb12u4_armel-buildd.buildinfo f50586dc9ba0bfa8199cb6d59f344b17b2cf3d28 110584 libgssapi-krb5-2_1.20.1-2+deb12u4_armel.deb 90183f7afbb7d03a0adbd6ca77a4c06612bec920 50936 libgssrpc4_1.20.1-2+deb12u4_armel.deb 4f45f849e40c785e9bbe4bff202c2fc4cda28219 74928 libk5crypto3_1.20.1-2+deb12u4_armel.deb 6d3a922d65ddd9d9442008cfcbd94588e6b590b2 36496 libkadm5clnt-mit12_1.20.1-2+deb12u4_armel.deb 16980d94489c73d708f0ac9f0ecad1f0a1fcefc5 45980 libkadm5srv-mit12_1.20.1-2+deb12u4_armel.deb 49d41e3878bebd0e76c6151bd8b89532f9671023 36152 libkdb5-10_1.20.1-2+deb12u4_armel.deb 0503feadc0233ae1332d0c2be881a9be1344840e 15892 libkrad-dev_1.20.1-2+deb12u4_armel.deb b590b1a07717ae7f0b52462b877a1e0507c0bbc1 22852 libkrad0_1.20.1-2+deb12u4_armel.deb 5cd5bd155251d594b945e835a9261672dd902533 285352 libkrb5-3_1.20.1-2+deb12u4_armel.deb 4b5eb05fe220c662e709d10e09751782a36b002c 2121748 libkrb5-dbg_1.20.1-2+deb12u4_armel.deb 45900b8532ab5d8febd0a5e43381b0a298d85e8e 15416 libkrb5-dev_1.20.1-2+deb12u4_armel.deb 3c9b9575b485ce39ce48d756b5281be665110e93 30032 libkrb5support0_1.20.1-2+deb12u4_armel.deb Checksums-Sha256: 6bb2b14230e371789d2cd33abf6af89c6769f5ae6bd871c000e25558abc945e4 204916 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_armel.deb 9fce6baa3b6d82302771f61ce8fe10d698dde5e7d723919a184f60c9d4731676 83836 krb5-admin-server_1.20.1-2+deb12u4_armel.deb 0d8b21f73cc5fd9bed6fa901dfbb6cd316f750a978afdcb70e3eeff7f5d03a26 37736 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_armel.deb 3f77229d28c075fc6817f8cb30408d49b2e92866a2f1685bcf3c4f66062bf2e3 28568 krb5-gss-samples_1.20.1-2+deb12u4_armel.deb a9bf2c61b36a8a5fef246f46b6783893c2bd5d49eba6ac0232903e92be2749c6 20156 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_armel.deb a78915b3a4c556e7c9b7b84d2a281b5ca667f7710ff59796af6ec1d9f334ebed 18600 krb5-k5tls_1.20.1-2+deb12u4_armel.deb e25bdcc74ff029d5a33782e7e0b05df0d7d563ce7f0d1fe18ca2e282697b96d2 449220 krb5-kdc-dbgsym_1.20.1-2+deb12u4_armel.deb ce5b03cfa0dcea8134bd4e26fd200d3e4c76e5eb7f152636ecd6eb819384b564 188200 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_armel.deb dbc1b54f5291a3c86db8b558c2eba9068f0ac316c2d4a2cbd5ce3e5207e33b85 80040 krb5-kdc-ldap_1.20.1-2+deb12u4_armel.deb fa31627e060715a8fe419b80c7ae7905e909720d5386133dd10e3b032a6b796e 160316 krb5-kdc_1.20.1-2+deb12u4_armel.deb 6ff43e457822e8b65dc7212c4dbf18b9a445a652cea9a86fedce419946e55f11 45092 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_armel.deb add3814c0d3cf4cb4fd9c4dab6701eda5c407a8dc632378e4c920354135e24a7 31128 krb5-kpropd_1.20.1-2+deb12u4_armel.deb 8ba92bea6fc7f8e46a0055eb8a533bd6851c67fdcf5956f7f5f5a00be511649d 125600 krb5-multidev_1.20.1-2+deb12u4_armel.deb 5581a14ff684a44121a1ae33daa94753b20eeb101116c421a80046ddb36f2460 29064 krb5-otp-dbgsym_1.20.1-2+deb12u4_armel.deb c0d88bf85c97fd7178de64efe6f1152b451a6b264d8b94d2df6a46c3c16772b7 20668 krb5-otp_1.20.1-2+deb12u4_armel.deb 24af92b2081693061895fe2d87aee5246f94e0746b15db1b35f8287c68abc944 149492 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_armel.deb 9b6be6d1caccdb44005862d9652093a1f28fe2a20825e1ee8f0153f50e0e55b1 48932 krb5-pkinit_1.20.1-2+deb12u4_armel.deb 56e426fcac535dc933b428a9096fc614c7392553a244719689a33af79742cf7c 195512 krb5-user-dbgsym_1.20.1-2+deb12u4_armel.deb 8d84bfc4ca7b3e85d7058f79eb3643566cde618aec4c29ba36865ed240243ce8 111236 krb5-user_1.20.1-2+deb12u4_armel.deb e3b594a7ae63922f2b5fec16bb4ac8c042ccfd5ea5aa11f89ad2a411e07d62c1 15850 krb5_1.20.1-2+deb12u4_armel-buildd.buildinfo cb86472b11cf5a8aa99099c18b3604c05591fb4b0dd33462f4cee675956b4165 110584 libgssapi-krb5-2_1.20.1-2+deb12u4_armel.deb 5c7f4e8b8683c0c7a5eb682365af5dc4f0fab2b70398cd128ebd1f059d5ead2e 50936 libgssrpc4_1.20.1-2+deb12u4_armel.deb 20ae35c13322d1c7a1c57d37276653177686c5060fb34802bf2ee463d8db38b9 74928 libk5crypto3_1.20.1-2+deb12u4_armel.deb 8cc616f607199ed5e905e634c9dfa1ddcbd3053813f6eaed6d2998fe8bcb1f02 36496 libkadm5clnt-mit12_1.20.1-2+deb12u4_armel.deb 7ba82a1d38c027a787751903654999dfd53adcd9c2bf65b4b4817e60e5daec54 45980 libkadm5srv-mit12_1.20.1-2+deb12u4_armel.deb fa04be9edcf182bd715984ec585c66a7c285c3bdf2430acfb8aea5f5db00e2ac 36152 libkdb5-10_1.20.1-2+deb12u4_armel.deb 6ca66aa92ac3322f0a44d2c60e28ee81892c81abf56e4044dce5c4ce4254e27d 15892 libkrad-dev_1.20.1-2+deb12u4_armel.deb 696e53bbdbb636e383e5d3ad904211ac8519b4eb77c1220937310b3db854fffc 22852 libkrad0_1.20.1-2+deb12u4_armel.deb 10b812d3c4ea7c3394fcdb9359ea88faaba7026612d3fb8a575ab5beec7230bb 285352 libkrb5-3_1.20.1-2+deb12u4_armel.deb 7a4ef91ddf6d3e1913cd5c95d3cbda79672bb1763df45503e0acc4a14957636d 2121748 libkrb5-dbg_1.20.1-2+deb12u4_armel.deb c5166ac6bacb805592bea7ac8bd7a4dc0480d9bef5eb7e1bcd1f329334946920 15416 libkrb5-dev_1.20.1-2+deb12u4_armel.deb 8874596df593c2b0b4045cdc7b6464b205f6493c0bce1a178390a748453ecff3 30032 libkrb5support0_1.20.1-2+deb12u4_armel.deb Files: 0766e12a277b4ff5a9e5f36b14f34294 204916 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_armel.deb d927cb6a424991562736c5c9ea25c994 83836 net optional krb5-admin-server_1.20.1-2+deb12u4_armel.deb b357759f6d919f79b800d5e39e163a3c 37736 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_armel.deb 4981a93257dd4eed9c83a00699ac35a7 28568 net optional krb5-gss-samples_1.20.1-2+deb12u4_armel.deb b5d06f439ba6ea6fee36597e03ec8132 20156 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_armel.deb 40dafe327a67fd77426faba17f504951 18600 net optional krb5-k5tls_1.20.1-2+deb12u4_armel.deb 50d7bc34df3ea7cf2bc82bab5b50d2aa 449220 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_armel.deb 3c905e84e15d78c5b97cdfa1b65fc158 188200 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_armel.deb 8571ab4c7464e673487aae648d91a88f 80040 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_armel.deb 7e132e34c8e82fca1cd02396a3417fc2 160316 net optional krb5-kdc_1.20.1-2+deb12u4_armel.deb e9f89fc231c8eb170be5b9b1c7fa80b2 45092 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_armel.deb a94955eb02081c4c670026d8ae0e845d 31128 net optional krb5-kpropd_1.20.1-2+deb12u4_armel.deb 428b4f1402475cd4de103daf58524a9a 125600 libdevel optional krb5-multidev_1.20.1-2+deb12u4_armel.deb 59f3f64bd706ff11fa3d1b456c17c312 29064 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_armel.deb b0e95dc6973ec62bb324c06b73877880 20668 net optional krb5-otp_1.20.1-2+deb12u4_armel.deb ff67378a63e506ad972c21e164d357be 149492 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_armel.deb c71e220a5f200f0fd7699dbebdbe0d62 48932 net optional krb5-pkinit_1.20.1-2+deb12u4_armel.deb d8893e866f3c8d121e973b8b7fe4ad58 195512 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_armel.deb ee2a7505dd48034177b77b3a7bf73afa 111236 net optional krb5-user_1.20.1-2+deb12u4_armel.deb 863e846607eee61ac0d9c6812f8aa3c0 15850 net optional krb5_1.20.1-2+deb12u4_armel-buildd.buildinfo 2fbe052404447d641b449bb36480eaa7 110584 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_armel.deb 387f40f958c183dea2c0f5090d75b1d3 50936 libs optional libgssrpc4_1.20.1-2+deb12u4_armel.deb bebf22339ee6d2bf4e0aa02f8c7c2a83 74928 libs optional libk5crypto3_1.20.1-2+deb12u4_armel.deb 9c4cf8115d974a31a861969b7602a128 36496 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_armel.deb dd189757f1a71df38f02520559ed121e 45980 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_armel.deb 63cba9fbba63456cec6fc17e3b7f0a07 36152 libs optional libkdb5-10_1.20.1-2+deb12u4_armel.deb c004a7cd6ded47ac7c20e0106acf88c5 15892 libdevel optional libkrad-dev_1.20.1-2+deb12u4_armel.deb 1803d6072a34c81d3aecf4d46a246eb3 22852 libs optional libkrad0_1.20.1-2+deb12u4_armel.deb 3174992082a9232a728cb96c89bbd301 285352 libs optional libkrb5-3_1.20.1-2+deb12u4_armel.deb ac7d61963e9dda14afb34669b0be4ae9 2121748 debug optional libkrb5-dbg_1.20.1-2+deb12u4_armel.deb 7854d95870d0fbf793bee69db282f04d 15416 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_armel.deb ae036f0ec16133a49873318bbb1cfdb6 30032 libs optional libkrb5support0_1.20.1-2+deb12u4_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENsdrABvTD8MQ0UffVza3l394K2AFAmg7eZAACgkQVza3l394 K2Ci8w/+MJOEiti7Hil4M/iHQE1viTtvwQO61Cijq281VnqM1T7sDCi9n/0an2y9 FIOyYJu3Cpy2w4L8wLB+PXnTznpoWvj+feaJecF0hcO98bNSya9U9BllCoSJgiy4 BvKkfQN6mFZgEBRyN+wDFL/9Dt1wm2Yq36GYuZUHATF8SSeHfr/VfBWMwssTlGGz 1so6jIC4yhgTT7meB3oJh0n+NXWuHp62YvLsxXnES3Nx9wmqNdyJ/U6M+d0nTCbu QfcH46eBVgE4OxMnXvBAwZ+euiJL24CXGzsOA4Ip6Q3oCa0Mjc3H2v7otofxQ6cG 5kIEY8BwtUy9cc0xSn8xlCrCvpkgNNgrU4czBoJXJ97wssyVeqwGFckp1sL8qvRa P2p8kEjcQyHF2pj7aMkqPYdtAUCNQwj4+wTO1hPQBFriTFJ6ZBXkJ2jIPr84RQPv 6C7bEXM9LI6VKI4egkYwcIylXlN2ixhmordV+LjKXvVnKo/qWz+tb1EAU+EuNk28 6fsgdztffttWW3Q7z4k+mid/cnOptNrgi/SdOWm8WzVPcRUsp144k0H6GbtcSk+o fSDRHz1gCLbbE2pIAQUr6hj5UWFfLPvPAtCInc0o0qkuoZCoeYv9oN/zy1Qf49rG Ut8Re98qHR3yXZziduPTAE55+hqODbmgx+kHA8N0DhyjnkhCLuQ= =ewUu -----END PGP SIGNATURE-----