-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: armhf Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-05) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: b2cef06da94a5586df0ce40330ac8b9db0222a47 207200 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_armhf.deb 390c90ad5ffad179f02a227895499cba592a62e4 85112 krb5-admin-server_1.20.1-2+deb12u4_armhf.deb 3fe0fe1485540b3a1adfb2ce42ff7c9a57a7f501 37748 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_armhf.deb 684aaa7f9ab2efe012a8385cb983ddbaaaed576c 27100 krb5-gss-samples_1.20.1-2+deb12u4_armhf.deb 3a991eb69a7c897450d6ebb56dd0d42861ef5cac 20276 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_armhf.deb b3857b01d3d773382418bb8a259be099ac18d8ae 18596 krb5-k5tls_1.20.1-2+deb12u4_armhf.deb 86cab763333586d479d876eaf8ae01f427078c64 453320 krb5-kdc-dbgsym_1.20.1-2+deb12u4_armhf.deb 67444ee7ee39a10df8314c72bd93d7a638eef104 190280 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_armhf.deb 175cdfccacc4355962c09f0a22a6765be4adc13c 80804 krb5-kdc-ldap_1.20.1-2+deb12u4_armhf.deb a41bba8b77eff344d90a1a741b0956cf05b3b5bc 160152 krb5-kdc_1.20.1-2+deb12u4_armhf.deb 0c91c6a15eafc6ceea10d5abd6387ce1dfd4df7a 45300 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_armhf.deb 6598d45ec32d59f31ffae5ad7341a686b1d0f9ea 31288 krb5-kpropd_1.20.1-2+deb12u4_armhf.deb 2a8308aaac55987ebd8e447bed7bab5d41a926eb 125624 krb5-multidev_1.20.1-2+deb12u4_armhf.deb beb8248bab7070aa03deb08fb29342d7bb090546 29396 krb5-otp-dbgsym_1.20.1-2+deb12u4_armhf.deb 2e743fdd0e8b254641ed00b7378e758bcce15dec 20584 krb5-otp_1.20.1-2+deb12u4_armhf.deb ef53bdd692d9ef676241a62487b1368ecb676353 152852 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_armhf.deb d805e63cad9e20e10e968fa9bcf063a5585b327b 49576 krb5-pkinit_1.20.1-2+deb12u4_armhf.deb dcc3f91adde339bfb5b682e11fc03d8229ed98e1 197960 krb5-user-dbgsym_1.20.1-2+deb12u4_armhf.deb 78508979737d59f18be5995b7162c1ae5927f935 112752 krb5-user_1.20.1-2+deb12u4_armhf.deb 02e5765f7936d5068dd6a6e0c10769dea6dbb2e2 15852 krb5_1.20.1-2+deb12u4_armhf-buildd.buildinfo ef88e745b1c7879836dbfbcf40e8517980fed584 111768 libgssapi-krb5-2_1.20.1-2+deb12u4_armhf.deb 0bc8354f1a13bd32fd6f34dc67098b075f628b8a 51316 libgssrpc4_1.20.1-2+deb12u4_armhf.deb aefce70b9bcac1a84116cd064afa11cad06176d2 75268 libk5crypto3_1.20.1-2+deb12u4_armhf.deb b8ebca363993b682d80ab3f151b14f1b5edb0b71 36624 libkadm5clnt-mit12_1.20.1-2+deb12u4_armhf.deb 0a92082bda246f77850ae704b1ba8321fecb72c0 46592 libkadm5srv-mit12_1.20.1-2+deb12u4_armhf.deb b8910f4fa5bbfb8bc428b5c3b21a624ef181311e 36268 libkdb5-10_1.20.1-2+deb12u4_armhf.deb 3929390ef56d7bb922b9c69e994712633ec295ce 15888 libkrad-dev_1.20.1-2+deb12u4_armhf.deb caaee0c3f5f89855948c0b3ecbbe8fdee8d6caf5 22888 libkrad0_1.20.1-2+deb12u4_armhf.deb 800f2c6a2f0c788041479f2b349161b6b0f9da25 287936 libkrb5-3_1.20.1-2+deb12u4_armhf.deb 18ce9f0b513753ada25f05bede90ee60c5ae44c5 2155488 libkrb5-dbg_1.20.1-2+deb12u4_armhf.deb c87931a7e1e299ae6e27997e1068c0ff8e97a821 15428 libkrb5-dev_1.20.1-2+deb12u4_armhf.deb a4178ceb1bd82eef9bd74eedde6f4709ce8e39b5 30100 libkrb5support0_1.20.1-2+deb12u4_armhf.deb Checksums-Sha256: 5a6492756444610789cbf16ec04a610684ebb2d4563a7010d8dbecf8dc7eedaa 207200 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_armhf.deb cb0ddb2a4a450848a855a2ddfa5b1b8237e06ba08eee9a426506a8f6f8ec9062 85112 krb5-admin-server_1.20.1-2+deb12u4_armhf.deb a7b2e6fcc31581bd069869f91175332d874a3851b28172ef74e3d54c8b6ca615 37748 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_armhf.deb dc2f9581e1d326deb5dffe359f66f42a6821b248cd053e2f5c45e4447e415ded 27100 krb5-gss-samples_1.20.1-2+deb12u4_armhf.deb 5fb7e6034a87531ff96a813bf15d7e8925ed0fb06a5349c7a2801c522d410baf 20276 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_armhf.deb 18fba869e33cfee45f7aa3744bb269ab8f9e3a5664eafa5f2b3091d2ccbeeaf4 18596 krb5-k5tls_1.20.1-2+deb12u4_armhf.deb c45cfdc4b3578e861ef7bdd3deac89ece7acfa4275e49c27ce898f7ae7dec38a 453320 krb5-kdc-dbgsym_1.20.1-2+deb12u4_armhf.deb 41cd41280d591849a6d97ed82eb0257bd3b37af31d3afbe13f95dfccd3374826 190280 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_armhf.deb 23862041960d7d6ce5bce097941c88302b1c01924b62dafc8fc55af3b573b254 80804 krb5-kdc-ldap_1.20.1-2+deb12u4_armhf.deb 8b60bb0446415ea4423f599d5aa69d17a6b2e4edae8fbcc91df8f4dcdbd2f113 160152 krb5-kdc_1.20.1-2+deb12u4_armhf.deb a3110a460adfd1037b2c7a3212565b9215925a3d46cb401fd0cc26107f0470dc 45300 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_armhf.deb 9c4adcdaf70c5324eb7c36f595221364379c878d226640e5d567737f3bbd37eb 31288 krb5-kpropd_1.20.1-2+deb12u4_armhf.deb 5ec8a339b17a722e3aad221ddfdee51706ae8bc299a7af1d90f0e74635278977 125624 krb5-multidev_1.20.1-2+deb12u4_armhf.deb f67bab206561f33cfcdc255236f39c6b78e793ce12525c1b55b2f98b23631426 29396 krb5-otp-dbgsym_1.20.1-2+deb12u4_armhf.deb 62bf174251ea9cacb710d84b9306de22c17156dfdc7ed3831755a73d0e1d3255 20584 krb5-otp_1.20.1-2+deb12u4_armhf.deb b1744ca45d4c6f09ddba3de0ad8f1501c8e2ed62579427007418048e548a9a02 152852 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_armhf.deb 6a6b70a57cf8943d106a2b43f1e4c2374ac1a835e4cc8bbd5c396f44e4a098e8 49576 krb5-pkinit_1.20.1-2+deb12u4_armhf.deb b5af45ccf9cd6575e7f95b07ab32cea8d580e844e2e3a6294f8dcadc63946e51 197960 krb5-user-dbgsym_1.20.1-2+deb12u4_armhf.deb bb5fe468a4b146e323bbacebdf75d8d3ac24f2e958532679c1d8ab3b326ac613 112752 krb5-user_1.20.1-2+deb12u4_armhf.deb 39f288ec5ffd112e8a3455d666be2eebb96845ad9eb152e53652a92e082c8354 15852 krb5_1.20.1-2+deb12u4_armhf-buildd.buildinfo b362eb987f9cfb8d28fccd8dc4b3a4757b3a35a20cf89a9b7c4029a5a901b26d 111768 libgssapi-krb5-2_1.20.1-2+deb12u4_armhf.deb 9b68560e24a81de1400592d70d6c0bf1530578d01634ca368620292ec36d6390 51316 libgssrpc4_1.20.1-2+deb12u4_armhf.deb aa7a10cdc0cd8f5c381e4644f1643258428a3482d888a099327ccb9d9b3108de 75268 libk5crypto3_1.20.1-2+deb12u4_armhf.deb 0da5a868f2db519e27e9feb5ca3d65fa814d82656cf85aba503083d4b64fb59e 36624 libkadm5clnt-mit12_1.20.1-2+deb12u4_armhf.deb d23a780eeb392f1d17f111d5e13eff4c904be073d70200907908838ded173514 46592 libkadm5srv-mit12_1.20.1-2+deb12u4_armhf.deb 1995e48a55a2227035c8d4391ce93b1366985595e78156121e57fea8bb3cdb52 36268 libkdb5-10_1.20.1-2+deb12u4_armhf.deb d4b7744dcc53709542d6809e2217a96969693a2343d4ffb23b811f9074091ba5 15888 libkrad-dev_1.20.1-2+deb12u4_armhf.deb 80fba8c25a1aba8c113feb87b9e0779983fe03beb42fe1621ab9071491d9f298 22888 libkrad0_1.20.1-2+deb12u4_armhf.deb 475dc469e4251aeeb8a99fba5abe535a54869ce876584794bce5188e5526ca65 287936 libkrb5-3_1.20.1-2+deb12u4_armhf.deb b6a65d2de8d38e2fec228548ae1dd32ac66dd995e72deb2f36308b65d8f5e624 2155488 libkrb5-dbg_1.20.1-2+deb12u4_armhf.deb f88cdb58f123e271cca07982c1c88c46e7dbb483a195d13a64ca97aa1c9827f4 15428 libkrb5-dev_1.20.1-2+deb12u4_armhf.deb f33ab61b023aa14c65f084ab9721446faf7012e2e0219d7770902a078166483a 30100 libkrb5support0_1.20.1-2+deb12u4_armhf.deb Files: 5499dfa7b1046c52b4ecda28ec3565b4 207200 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_armhf.deb c717b9da04d0ed307e6a8200b0d8b908 85112 net optional krb5-admin-server_1.20.1-2+deb12u4_armhf.deb 43e8b5e87dd667c7561f72b6eb7598e7 37748 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_armhf.deb e3bb4a0b9eeb8a365fe151f6392cbfbe 27100 net optional krb5-gss-samples_1.20.1-2+deb12u4_armhf.deb 6d5104fd3bf98e2088d8bec5fb022b3a 20276 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_armhf.deb 5d3eab778ec82f9d4b74852433a9565c 18596 net optional krb5-k5tls_1.20.1-2+deb12u4_armhf.deb cea4eb8dab87dd6d3befee4ea0e5907a 453320 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_armhf.deb b36413121f1d949541d6c1a1982a9e8b 190280 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_armhf.deb 80d70b5b10594c8cea3d8ed44e98c440 80804 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_armhf.deb d97220459921a3ca1357862aca487efe 160152 net optional krb5-kdc_1.20.1-2+deb12u4_armhf.deb 2b45ecf15bd635b4c87ae3b2def6ce79 45300 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_armhf.deb 6226872141b9d5d5d6ea0e2c774e22ac 31288 net optional krb5-kpropd_1.20.1-2+deb12u4_armhf.deb fe77c2b72b3f7da1fcef344f4f892d5f 125624 libdevel optional krb5-multidev_1.20.1-2+deb12u4_armhf.deb 54f504edf4fc0503514acd0cd1b1a905 29396 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_armhf.deb 488d68f8d0ce35f1762e2075162bb2e5 20584 net optional krb5-otp_1.20.1-2+deb12u4_armhf.deb 7f22987e92524c1ef5687440e21f9d20 152852 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_armhf.deb 612f8a8d0d494cd91795f568370e2c25 49576 net optional krb5-pkinit_1.20.1-2+deb12u4_armhf.deb 5ee12dcb15d46c7d3a3f39fa54c3a6da 197960 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_armhf.deb 7a1a603de7ebdc7d273360e03a039681 112752 net optional krb5-user_1.20.1-2+deb12u4_armhf.deb f08ec048bc83bc62594a5c027ef3a0e4 15852 net optional krb5_1.20.1-2+deb12u4_armhf-buildd.buildinfo 557ef679a612e8a731875193f503ec66 111768 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_armhf.deb 8ffeb55f4b63085f36d8102f9adc87b9 51316 libs optional libgssrpc4_1.20.1-2+deb12u4_armhf.deb 3aea8c6b9005b17745188a298b625942 75268 libs optional libk5crypto3_1.20.1-2+deb12u4_armhf.deb 6fd9fd508a6dad9482da537bd8f1d761 36624 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_armhf.deb 593d6a8df216eb0f2b8909add7c83421 46592 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_armhf.deb 73f7cd550bbba9ec0a500169e6d22bd5 36268 libs optional libkdb5-10_1.20.1-2+deb12u4_armhf.deb 833e2be9572b54d7dae29ba46e0a73d6 15888 libdevel optional libkrad-dev_1.20.1-2+deb12u4_armhf.deb 27c613e56762681724aa1c50fc7aca6e 22888 libs optional libkrad0_1.20.1-2+deb12u4_armhf.deb a93583d9c62da672c9ac4500732535a3 287936 libs optional libkrb5-3_1.20.1-2+deb12u4_armhf.deb 339c51b7346b49f18026bfff865600d7 2155488 debug optional libkrb5-dbg_1.20.1-2+deb12u4_armhf.deb 706f889df308f15b1d171caf08cc43a9 15428 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_armhf.deb 750bf2cdc617e962bbc2094d6417f58e 30100 libs optional libkrb5support0_1.20.1-2+deb12u4_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEiIG3Q3DxwDgRKKeyLRECdjCZQkcFAmg7eaQACgkQLRECdjCZ QkfEOw//eX1ij608ZdvOI4qZvS0uXL61O2oiSdi1nKNw7g9pKEviO0TrtV3Obo1/ O6q65JscRRFD9/YDT/UnCY2Wh+djMGQG2npLeh1rFxvAyE4vg1tDYteLo+FMSq8U nQcBWtrVPGQzr7v39nAYp18nwsTiRN2KjgPfku4WipbuvcO6AXUi8hnnNUZxCkTQ QgdIIuDD2NlWc14yFtqQAG0z27gjBPGXSBbx/ghXDJEkua6Zx8M9H1tDei7g2BVT R6VR3Qg6ak4RLLCZ1I6i6KPrhiuaxAWjSfwlf1zO4FnOjwNEtcCXT7dZMS0uueLZ XWYkVr0Sp5tV37SY5pZ/XmVfYMeFL/lYZkOvm0T+6cmpGNq3gx3/4gQWu3zJBUzK d59uPs/hb1sBsmukudK5rc9QGH8bkETfewt+sCTRT5d9Hj4A0/gtrTVf0xgCF0bv qv9MYLYjp7kcmfSvfbcBIrKGt2/QbPwS/lmY19+923nYL5mTtmEj8M9VJICzST/g m/k0RdErtlwhf+zZ60Uc3IxnYhLDepTNa6fB2Fix04QXTENOrRmz7IxjfkGUjkL3 Nb43fS+Br5vIjZeNmbOCvFOmx2o2aL7UCzSCtljA0eU56c2w6Oi1FlJwy50cvi0I 815FKiUDy5oGscXlTIfIIFYBl2BsneMha/m1nwloPOYLbSCMz4E= =bhBQ -----END PGP SIGNATURE-----