Ubuntu 2498-1: Kerberos vulnerabilities
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: krb5-admin-server 1.12.1+dfsg-10ubuntu0.1 krb5-kdc 1.12.1+dfsg-10ubuntu0.1 krb5-kdc-ldap 1.12.1+dfsg-10ubuntu0.1 krb5-otp 1.12.1+dfsg-10ubuntu0.1 krb5-pkinit 1.12.1+dfsg-10ubuntu0.1 krb5-user 1.12.1+dfsg-10ubuntu0.1 libgssapi-krb5-2 1.12.1+dfsg-10ubuntu0.1 libgssrpc4 1.12.1+dfsg-10ubuntu0.1 libk5crypto3 1.12.1+dfsg-10ubuntu0.1 libkadm5clnt-mit9 1.12.1+dfsg-10ubuntu0.1 libkadm5srv-mit9 1.12.1+dfsg-10ubuntu0.1 libkdb5-7 1.12.1+dfsg-10ubuntu0.1 libkrad0 1.12.1+dfsg-10ubuntu0.1 libkrb5-3 1.12.1+dfsg-10ubuntu0.1 libkrb5support0 1.12.1+dfsg-10ubuntu0.1 Ubuntu 14.04 LTS: krb5-admin-server 1.12+dfsg-2ubuntu5.1 krb5-kdc 1.12+dfsg-2ubuntu5.1 krb5-kdc-ldap 1.12+dfsg-2ubuntu5.1 krb5-otp 1.12+dfsg-2ubuntu5.1 krb5-pkinit 1.12+dfsg-2ubuntu5.1 krb5-user 1.12+dfsg-2ubuntu5.1 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.1 libgssrpc4 1.12+dfsg-2ubuntu5.1 libk5crypto3 1.12+dfsg-2ubuntu5.1 libkadm5clnt-mit9 1.12+dfsg-2ubuntu5.1 libkadm5srv-mit8 1.12+dfsg-2ubuntu5.1 libkadm5srv-mit9 1.12+dfsg-2ubuntu5.1 libkdb5-7 1.12+dfsg-2ubuntu5.1 libkrad0 1.12+dfsg-2ubuntu5.1 libkrb5-3 1.12+dfsg-2ubuntu5.1 libkrb5support0 1.12+dfsg-2ubuntu5.1 Ubuntu 12.04 LTS: krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.6 krb5-kdc 1.10+dfsg~beta1-2ubuntu0.6 krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.6 krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.6 krb5-user 1.10+dfsg~beta1-2ubuntu0.6 libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.6 libgssrpc4 1.10+dfsg~beta1-2ubuntu0.6 libk5crypto3 1.10+dfsg~beta1-2ubuntu0.6 libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.6 libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.6 libkdb5-6 1.10+dfsg~beta1-2ubuntu0.6 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.6 libkrb53 1.10+dfsg~beta1-2ubuntu0.6 libkrb5support0 1.10+dfsg~beta1-2ubuntu0.6 Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.14 krb5-kdc 1.8.1+dfsg-2ubuntu0.14 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.14 krb5-pkinit 1.8.1+dfsg-2ubuntu0.14 krb5-user 1.8.1+dfsg-2ubuntu0.14 libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.14 libgssrpc4 1.8.1+dfsg-2ubuntu0.14 libk5crypto3 1.8.1+dfsg-2ubuntu0.14 libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.14 libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.14 libkdb5-4 1.8.1+dfsg-2ubuntu0.14 libkrb5-3 1.8.1+dfsg-2ubuntu0.14 libkrb5support0 1.8.1+dfsg-2ubuntu0.14 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2498-1
CVE-2014-5351, CVE-2014-5352, CVE-2014-5353, CVE-2014-5354,
CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
Package Information
https://launchpad.net/ubuntu/+source/krb5/1.12.1+dfsg-10ubuntu0.1 https://launchpad.net/ubuntu/+source/krb5/1.12+dfsg-2ubuntu5.1 https://launchpad.net/ubuntu/+source/krb5/1.10+dfsg~beta1-2ubuntu0.6 https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.14