Updated krb5 packages fix security vulnerabilities
Publication date: 15 Feb 2015
Modification date: 15 Feb 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
Description
Updated krb5 packages fix security vulnerabilities:
- Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code (CVE-2014-5352).
- Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code (CVE-2014-9421).
- Incorrect processing of two-component server principals might result in impersonation attacks (CVE-2014-9422).
- An information leak exists in the libgssrpc library (CVE-2014-9423).
References
- https://bugs.mageia.org/show_bug.cgi?id=15202
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
- https://www.debian.org/security/2015/dsa-3153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
SRPMS
4/core
- krb5-1.11.4-1.4.mga4