[ubuntu/oracular-security] krb5 1.21.3-3ubuntu0.1 (Accepted)

Wed Feb 5 03:22:18 UTC 2025

krb5 (1.21.3-3ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Use of MD5-based message authentication over plaintext
    communications could lead to forgery attacks.                          
    - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator    
      by adding support for the Message-Authenticator attribute in non-EAP 
      authentication methods.                                              
    - CVE-2024-3596$                                                       
  * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.

Date: 2025-02-04 21:38:10.692767+00:00
Changed-By: nicolas campuzano jimenez <nicolas.campuzano at canonical.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/krb5/1.21.3-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.