Bug#693931: Please unblock krb5 1.10.1+dfsg-3

To: submit@bugs.debian.org
Subject: Bug#693931: Please unblock krb5 1.10.1+dfsg-3
From: Sam Hartman <hartmans@debian.org>
Date: Wed, 21 Nov 2012 16:50:09 -0500
Message-id: <[🔎] tslvccywrqm.fsf@mit.edu>
Reply-to: Sam Hartman <hartmans@debian.org>, 693931@bugs.debian.org

package: release.debian.org

Hi.  This includes a fix that causes many gss-using applications to
crash on some systems and a fix requested by the security team.
Removing the call to unload gss plugins does create a bit of a leak if
libgssapi_krb5 is dlclosed and dlopened repeatedly, plugins are
involved, and the plugins do not trigger a circular reference.  That's
rare. Normally either plugins are not involved, or there is a circular
reference.  Also, I no of no application that loads and unloads
libgssapi_krb5.  I think the memory leak is better than a crash of
unrelated applications.  Upstream and I are discussing longer-term
solutions.

krb5 (1.10.1+dfsg-3) unstable; urgency=low

  * Kadmind crash only triggered by admin users, cve-2012-1013, Closes:
    #687647
  * Don't unload GSS-API plugins to avoid crashing applications that use
    GSS-API on systems with plugins installed, Closes: #693741

 -- Sam Hartman <hartmans@debian.org>  Mon, 19 Nov 2012 17:35:04 -0500

Reply to:

Follow-Ups:
- Bug#693931: marked as done (Please unblock krb5 1.10.1+dfsg-3)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#693931: Please unblock krb5 1.10.1+dfsg-3
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Bug#693882: marked as done (unblock: libssh/0.5.3-1)
Next by Date: Bug#693899: marked as done (unblock: telepathy-salut/0.8.1-1)
Previous by thread: Bug#693924: unblock: ltsp/5.4.2-4
Next by thread: Bug#693931: marked as done (Please unblock krb5 1.10.1+dfsg-3)
Index(es):
- Date
- Thread