-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 May 2025 19:06:22 +0200 Source: krb5 Binary: krb5-admin-server krb5-admin-server-dbgsym krb5-gss-samples krb5-gss-samples-dbgsym krb5-k5tls krb5-k5tls-dbgsym krb5-kdc krb5-kdc-dbgsym krb5-kdc-ldap krb5-kdc-ldap-dbgsym krb5-kpropd krb5-kpropd-dbgsym krb5-multidev krb5-otp krb5-otp-dbgsym krb5-pkinit krb5-pkinit-dbgsym krb5-user krb5-user-dbgsym libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 libkrad-dev libkrad0 libkrb5-3 libkrb5-dbg libkrb5-dev libkrb5support0 Architecture: mipsel Version: 1.20.1-2+deb12u4 Distribution: bookworm Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Bastien Roucariès Description: krb5-admin-server - MIT Kerberos master server (kadmind) krb5-gss-samples - MIT Kerberos GSS Sample applications krb5-k5tls - TLS plugin for MIT Kerberos krb5-kdc - MIT Kerberos key server (KDC) krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin krb5-kpropd - MIT Kerberos key server (Slave KDC Support) krb5-multidev - development files for MIT Kerberos without Heimdal conflict krb5-otp - OTP plugin for MIT Kerberos krb5-pkinit - PKINIT plugin for MIT Kerberos krb5-user - basic programs to authenticate using MIT Kerberos libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library libkadm5clnt-mit12 - MIT Kerberos runtime libraries - Administration Clients libkadm5srv-mit12 - MIT Kerberos runtime libraries - KDC and Admin Server libkdb5-10 - MIT Kerberos runtime libraries - Kerberos database libkrad-dev - MIT Kerberos RADIUS Library Development libkrad0 - MIT Kerberos runtime libraries - RADIUS library libkrb5-3 - MIT Kerberos runtime libraries libkrb5-dbg - debugging files for MIT Kerberos libkrb5-dev - headers and development libraries for MIT Kerberos libkrb5support0 - MIT Kerberos runtime libraries - Support library Closes: 1103525 Changes: krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium . * Non Maintainer upload by LTS team * Fix CVE-2025-3576. Closes: #1103525 A Vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. * Tickets will not be issued with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * In KDC, assume all services support aes256-sha1 To facilitate negotiating session keys with acceptable security, assume that services support aes256-cts-hmac-sha1 unless a session_enctypes string attribute says otherwise. Checksums-Sha1: 6df45ce9d356db771fef3142f2d507d5ee7dda4a 212244 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_mipsel.deb 32040e7dabc66b8619059ed7f031631ebbe0417d 87720 krb5-admin-server_1.20.1-2+deb12u4_mipsel.deb f8f899e1e4712263e3cbe7809fd397b7db872b38 38424 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_mipsel.deb b5aa20bcee48633034eb7a3172b8c1a85c49ef7b 28304 krb5-gss-samples_1.20.1-2+deb12u4_mipsel.deb 4b3f27402957925a3647886faac3bea035c5cb7b 20604 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_mipsel.deb 64cc4cdc50ef579c51302177aa4abbe277ea0e38 19220 krb5-k5tls_1.20.1-2+deb12u4_mipsel.deb 9960c369e1f24e8ed008dd0334a110236e375f2a 465596 krb5-kdc-dbgsym_1.20.1-2+deb12u4_mipsel.deb fa945c75146c73526fb7edf6741e5ad3b05c48e8 191968 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_mipsel.deb a37bc8bde9c6c771a2d992e7f1b7ea2570118c70 81172 krb5-kdc-ldap_1.20.1-2+deb12u4_mipsel.deb d0b2413f5cba1f532325fe4f53c45e84fb52593a 172908 krb5-kdc_1.20.1-2+deb12u4_mipsel.deb 52c7fc9b4e1409184add7f7fcb8abc3835eab0fe 45556 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_mipsel.deb d24fcd821092288c4c285e687ccdb74f4bd4012d 31172 krb5-kpropd_1.20.1-2+deb12u4_mipsel.deb 9da1927ffd5073f4b9dd1ddf928ba89f72de839a 125616 krb5-multidev_1.20.1-2+deb12u4_mipsel.deb da7429923936ad3d4710fcea879ef8ed3574d300 30020 krb5-otp-dbgsym_1.20.1-2+deb12u4_mipsel.deb a793786c1e57544ce18bfbdb0f1156668c4049d0 21544 krb5-otp_1.20.1-2+deb12u4_mipsel.deb 2a56332db0aa28bed8d3d8ae13413cb36b24dd17 156492 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_mipsel.deb 77ddc8949ae16acd6792eb72892f332f9afeb606 52848 krb5-pkinit_1.20.1-2+deb12u4_mipsel.deb cd75cd69d97f79d663990b5d786f5775a2518365 200948 krb5-user-dbgsym_1.20.1-2+deb12u4_mipsel.deb 8500d33e8281e9ba49798640589649a7740ae0aa 114436 krb5-user_1.20.1-2+deb12u4_mipsel.deb ea02a8be3fcf62af2e9d5379a4a0e6788dd38b77 15877 krb5_1.20.1-2+deb12u4_mipsel-buildd.buildinfo ef92c406aaa206a974f277eee8a5c92b4c5c4ca2 118480 libgssapi-krb5-2_1.20.1-2+deb12u4_mipsel.deb 3fc3095100b20ec13765ee414967c8aa3c59d892 52892 libgssrpc4_1.20.1-2+deb12u4_mipsel.deb 77b86b6203b6824b338edf64da3741f3ea180ace 84924 libk5crypto3_1.20.1-2+deb12u4_mipsel.deb 5110c9b027bb5141d7cc9a6a28cc599c14b0e96f 37912 libkadm5clnt-mit12_1.20.1-2+deb12u4_mipsel.deb 80bf38f63e5b79f0880a3af5fbdf5b80707f5e5f 48240 libkadm5srv-mit12_1.20.1-2+deb12u4_mipsel.deb 74278a4927bc7fd62fe6032ff19c16bb9bd4b09b 37852 libkdb5-10_1.20.1-2+deb12u4_mipsel.deb 081e773406f2d34c2c81035594090a34a4cbbdda 15884 libkrad-dev_1.20.1-2+deb12u4_mipsel.deb d45c3ec815958e7bd88432b3ecb5e6ae79335fd8 23876 libkrad0_1.20.1-2+deb12u4_mipsel.deb 436665885386f79ea1caa38764c09c4fdca298c5 304180 libkrb5-3_1.20.1-2+deb12u4_mipsel.deb da6d62b8734d869bab13bd1566f0c3eb2fa03a7c 2205832 libkrb5-dbg_1.20.1-2+deb12u4_mipsel.deb 6cc733e0c5c479eef63311fa4424af153c045171 15412 libkrb5-dev_1.20.1-2+deb12u4_mipsel.deb 9c1129e3a630e89db189c18fb747e9de27536bbb 32264 libkrb5support0_1.20.1-2+deb12u4_mipsel.deb Checksums-Sha256: cb116c522d044c787873c019c368b2a51680c47ed89817d78adf39c702e0a9a8 212244 krb5-admin-server-dbgsym_1.20.1-2+deb12u4_mipsel.deb dc1c0d1b3d1f2e504f21e6554e54b0913b6e7a009b6d8ce7ffdab898c19e21ce 87720 krb5-admin-server_1.20.1-2+deb12u4_mipsel.deb 3ffb7406c8e647bf136828502051ec3d6055344433025363ea0759a77456b90d 38424 krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_mipsel.deb f595113cef0a58e3a0b320bc1bf10bb5fc99c4c7c8a864762f676da68521c083 28304 krb5-gss-samples_1.20.1-2+deb12u4_mipsel.deb c8da46b5ef55bfdad72510644bd0ff32e215bcacf86ab63911c01a0e17378b9e 20604 krb5-k5tls-dbgsym_1.20.1-2+deb12u4_mipsel.deb abe55a9ca155a09a8c152d188779a05e26b698a865933b2b7a11172e044d8937 19220 krb5-k5tls_1.20.1-2+deb12u4_mipsel.deb 348822bacacbce05cdb92484cd94c4c0a9de2e73ef5fa6419d3638cb979e4cef 465596 krb5-kdc-dbgsym_1.20.1-2+deb12u4_mipsel.deb 3790f543644af85c707c7f6e5990ad2aaca9aa233fafc48f5e6b8710daf1ec0b 191968 krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_mipsel.deb 7ef6a54f99dfcf74311a69a524f1e126517c56a43bc1abdd35fe43b0ebfde1fc 81172 krb5-kdc-ldap_1.20.1-2+deb12u4_mipsel.deb f357a0203919f5d5297f4880ea14742a0f22b5b370022995afa4847fd493de3c 172908 krb5-kdc_1.20.1-2+deb12u4_mipsel.deb 48033d081ccce7af658f2eef705714f1a8288d84c96e004cf0a08255ab5d7318 45556 krb5-kpropd-dbgsym_1.20.1-2+deb12u4_mipsel.deb 7bc09e099d6b345e2348fa192c0f1942a7f9697f5cfa2f7e81e3d863a212e027 31172 krb5-kpropd_1.20.1-2+deb12u4_mipsel.deb 819c59fc59b261dcfce2b20cbc773a017b98509d4ea96d31f3257a101180e85c 125616 krb5-multidev_1.20.1-2+deb12u4_mipsel.deb 5366facf9e86d00e2578b2cfd36d411de6b74a9d98cb5599430f7947ed26924d 30020 krb5-otp-dbgsym_1.20.1-2+deb12u4_mipsel.deb ec23d04d82cc25aed0c95814c32cf5610a70bcb64df89027ad7c080033a94d17 21544 krb5-otp_1.20.1-2+deb12u4_mipsel.deb 3affb9ebdd9264d89fcb8f5af9cb9948b9ef70c1be443ad3fdf54670bfa9705e 156492 krb5-pkinit-dbgsym_1.20.1-2+deb12u4_mipsel.deb 91e8c771db0f01433f6039da0826acedd374bc81b9954e47e997b77007e76f99 52848 krb5-pkinit_1.20.1-2+deb12u4_mipsel.deb 7a3d55f475f3b7e80e939f594d445f2cac6e65456ced9b62d19ebadca39b81e2 200948 krb5-user-dbgsym_1.20.1-2+deb12u4_mipsel.deb 454fe527adef46171289ad558c87666b646afc6657d0a5277f5a6bb20be062a6 114436 krb5-user_1.20.1-2+deb12u4_mipsel.deb 17b461b6485e7b66cdabee14d39e1eaf1026746a41643d0955b9ebcac0015473 15877 krb5_1.20.1-2+deb12u4_mipsel-buildd.buildinfo bad3a00fa82c11b60560fa41c28438bf312434d500ad1552b335158c74fee871 118480 libgssapi-krb5-2_1.20.1-2+deb12u4_mipsel.deb eef2c62d2cf640f56bf2420beb6a15043c34f8a69c943bc0826607d296b10467 52892 libgssrpc4_1.20.1-2+deb12u4_mipsel.deb fb08fa4b9d8886304a246cd992eeb9bbe4990e2910d6364e4d13959b04967bba 84924 libk5crypto3_1.20.1-2+deb12u4_mipsel.deb 5b267d3e8ffcf3c9946c24bbc91720da30282d569298e08cca9ae7f2457359bf 37912 libkadm5clnt-mit12_1.20.1-2+deb12u4_mipsel.deb e539c385210ef51330a1c4eadc6b6d18b59cbb7a845d31411fc4cb0bdbec048f 48240 libkadm5srv-mit12_1.20.1-2+deb12u4_mipsel.deb af61b17e2617bf3e07abcc39a4ea44efd79010bd81ffe1841673ce70107c78c7 37852 libkdb5-10_1.20.1-2+deb12u4_mipsel.deb 0ae4d8ce8d397255e93770db723ff4d403c9816e918fdd8e0f9bf5709f654fa8 15884 libkrad-dev_1.20.1-2+deb12u4_mipsel.deb 7d6ff9096fef98a7c13fc689a602aebee8a2a11a9fdb76605b5335453501626e 23876 libkrad0_1.20.1-2+deb12u4_mipsel.deb ed18d1a8543a8c947ce38ada36e4e5ac610fcfcbfc598584c313304014e49834 304180 libkrb5-3_1.20.1-2+deb12u4_mipsel.deb aa91ccf508be6ede574c4b91ae1aa7c9d9ad332551a224b521e81f05a82f1cfd 2205832 libkrb5-dbg_1.20.1-2+deb12u4_mipsel.deb 25cd9cd523ef9a73f56830a35a4c844ed802565ec9d792aff07a095da3e28a0a 15412 libkrb5-dev_1.20.1-2+deb12u4_mipsel.deb 67b93e22203ec872e57d5c8b59537951098b81268fac97ea137b9e2141a202b4 32264 libkrb5support0_1.20.1-2+deb12u4_mipsel.deb Files: 013089fa37f4a30933e0d53f9cf6fe2a 212244 debug optional krb5-admin-server-dbgsym_1.20.1-2+deb12u4_mipsel.deb 3fa9d9bffd49f69b92322aac87fed453 87720 net optional krb5-admin-server_1.20.1-2+deb12u4_mipsel.deb 4af8793d32452f920ce6d576899920a1 38424 debug optional krb5-gss-samples-dbgsym_1.20.1-2+deb12u4_mipsel.deb 8fe2af5251eea44d1c9e4a315948d3f5 28304 net optional krb5-gss-samples_1.20.1-2+deb12u4_mipsel.deb ed32c13f5f097d9096ad9843f4ebb8bf 20604 debug optional krb5-k5tls-dbgsym_1.20.1-2+deb12u4_mipsel.deb a964fd7d9a9b3cf36ae7023b4eb2dab6 19220 net optional krb5-k5tls_1.20.1-2+deb12u4_mipsel.deb 6ee1cbd794fcffb235f482c0cf9b420a 465596 debug optional krb5-kdc-dbgsym_1.20.1-2+deb12u4_mipsel.deb 81ffa507d8f340dc9cc17ad5d1433806 191968 debug optional krb5-kdc-ldap-dbgsym_1.20.1-2+deb12u4_mipsel.deb 0ac717ad6e2bde05a3525ea9bc217ecb 81172 net optional krb5-kdc-ldap_1.20.1-2+deb12u4_mipsel.deb d952652b34fa2f4e28f8030f55a78619 172908 net optional krb5-kdc_1.20.1-2+deb12u4_mipsel.deb c705e1ef668738dc2f85e0e6f791e1ea 45556 debug optional krb5-kpropd-dbgsym_1.20.1-2+deb12u4_mipsel.deb 16a8c97d5028e0cb2e3bfd8ce20acb10 31172 net optional krb5-kpropd_1.20.1-2+deb12u4_mipsel.deb 1fa5f394960e663e63f3a1d35dc607ba 125616 libdevel optional krb5-multidev_1.20.1-2+deb12u4_mipsel.deb d34c0ed19ef6d6eb2a4baab76632f9fe 30020 debug optional krb5-otp-dbgsym_1.20.1-2+deb12u4_mipsel.deb 2b1444a434929e63021b51bcdc8fa644 21544 net optional krb5-otp_1.20.1-2+deb12u4_mipsel.deb 1606b1b3ffdaccf70de2a421ea2dc5cb 156492 debug optional krb5-pkinit-dbgsym_1.20.1-2+deb12u4_mipsel.deb 300faaf3e03bcc040b9441b4f8dbbd1b 52848 net optional krb5-pkinit_1.20.1-2+deb12u4_mipsel.deb 49afe84cdf70cd832e3d7e279623d1dc 200948 debug optional krb5-user-dbgsym_1.20.1-2+deb12u4_mipsel.deb 91fb403a2bae4e9750845538f2ae181f 114436 net optional krb5-user_1.20.1-2+deb12u4_mipsel.deb 1e61e7f4087ee4bd326661464b710edd 15877 net optional krb5_1.20.1-2+deb12u4_mipsel-buildd.buildinfo 2ebe650c30b1763de383ac2a7b9c775e 118480 libs optional libgssapi-krb5-2_1.20.1-2+deb12u4_mipsel.deb 119ac0fa84d473b1b57a809d1b16d2de 52892 libs optional libgssrpc4_1.20.1-2+deb12u4_mipsel.deb 00d7cba5f6b630a0b57a682768b5cb01 84924 libs optional libk5crypto3_1.20.1-2+deb12u4_mipsel.deb 2598072f69213001863b50d607a94065 37912 libs optional libkadm5clnt-mit12_1.20.1-2+deb12u4_mipsel.deb 8030f727e7e5868ad39588bfd3917ff7 48240 libs optional libkadm5srv-mit12_1.20.1-2+deb12u4_mipsel.deb 1ad3d0bab5a13c9be23d9d57f4dbd118 37852 libs optional libkdb5-10_1.20.1-2+deb12u4_mipsel.deb dd4f55c74e99e420d9cfa4dedecc236b 15884 libdevel optional libkrad-dev_1.20.1-2+deb12u4_mipsel.deb 812bfc20545f7ac03f826863d05ab7d9 23876 libs optional libkrad0_1.20.1-2+deb12u4_mipsel.deb 56f4602f69faa285a14d4e843ca5ced8 304180 libs optional libkrb5-3_1.20.1-2+deb12u4_mipsel.deb bb3585066dfea19794bd745adc9bf31f 2205832 debug optional libkrb5-dbg_1.20.1-2+deb12u4_mipsel.deb b30a3078c5c12d07593b5a625749af6f 15412 libdevel optional libkrb5-dev_1.20.1-2+deb12u4_mipsel.deb 5cdfc006e94200d793961cbe624dc5ba 32264 libs optional libkrb5support0_1.20.1-2+deb12u4_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYLhEzFkGpb3yYRVHmlVdU6AM9BUFAmg7eJgACgkQmlVdU6AM 9BW7RBAAiPP8uTRlhVs9GQRDkESrMFf0rgCfUGduFaEDAdAfRtSaw3zO0oHcVxP+ jQ+o9SnP7wicZsO9vavbUCGv9S6Xa8kxsR5Fi4gKVOTj7vLfUxeeyB3bDDD0aziD s2DMbbhhR3Q0d9Ox20ZHobZFGpAFCyN8v1QUlvBZAGG61nt1V/Jb0JgXvJMbw0mS Dh47HRwIazIvxftfoMQKka+qOgCb90NTTrDPtUEO/p32Urp93ioAC+LlGfXWxYur S5iJQqISzj6j7TSlQkWkDpW/aZKgnQwfh7ZwX0VJfLKUIk/LM5hSlgMnVM5Z/I2g IAUOLBGsVFJLLbwndq7QW3X9GrAF2yxqnCcu8jCjcbov1f53Rhe+DMkuMj1uIOWt /1BtuNWP2mb0bsCKj/0OI6uOhuf1arpSGRpaPdTS+UqFXKsRTWh1RXexEKP+fzCD fcB4IO/X6XH6hsa6MyHEB6desZR6n31ciKh6KaPzLCWUiF5pQCR6WIDQleEKAzBq 7Y+082H3gaDst/lHOGAOr/A3SNBc5yel0jI4Vnu/mRRUgdTGJqGsqMU+142IIQlX eA1DKR0b90UK34Q7tCqNwLYUnTyifkosZlfSi8Ge9dEIWRN/wi9TrhWHnOJOjw4l SO9KrJiA6Ud5CeUb3JamoHpD7sq09k2rA+uq5wet9CL9KsAVRjI= =GmlC -----END PGP SIGNATURE-----