Updated krb5 packages fix security vulnerabilities
Publication date: 15 Feb 2015Type: security
Affected Mageia releases : 4
CVE: CVE-2014-5352 , CVE-2014-9421 , CVE-2014-9422 , CVE-2014-9423
Description
Updated krb5 packages fix security vulnerabilities:
Incorrect memory management in the libgssapi_krb5 library might result in
denial of service or the execution of arbitrary code (CVE-2014-5352).
Incorrect memory management in kadmind's processing of XDR data might result
in denial of service or the execution of arbitrary code (CVE-2014-9421).
Incorrect processing of two-component server principals might result in
impersonation attacks (CVE-2014-9422).
An information leak in the libgssrpc library (CVE-2014-9423).
References
- https://bugs.mageia.org/show_bug.cgi?id=15202
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
- https://www.debian.org/security/2015/dsa-3153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
SRPMS
4/core
- krb5-1.11.4-1.4.mga4