Advisories ยป MGASA-2014-0345

Updated krb5 package fixes security vulnerabilities

Publication date: 22 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4341 , CVE-2014-4342 , CVE-2014-4343 , CVE-2014-4344 , CVE-2014-4345

Description

MIT Kerberos 5 allows attackers to cause a denial of service via a buffer
over-read or NULL pointer dereference, by injecting invalid tokens into a
GSSAPI application session (CVE-2014-4341, CVE-2014-4342).

MIT Kerberos 5 allows attackers to cause a denial of service via a
double-free flaw or NULL pointer dereference, while processing invalid
SPNEGO tokens (CVE-2014-4343, CVE-2014-4344).

In MIT Kerberos 5, when kadmind is configured to use LDAP for the KDC
database, an authenticated remote attacker can cause it to perform an
out-of-bounds write (buffer overflow) (CVE-2014-4345).
                

References

SRPMS

4/core

3/core