Advisories » MGASA-2015-0446

Updated krb5 packages fix CVE-2015-2698

Publication date: 16 Nov 2015
Modification date: 16 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-2698

Description

Updated krb5 packages fix security vulnerabilities:

In any MIT krb5 release with the patches for CVE-2015-2696 applied, an
application which calls gss_export_sec_context() may experience memory
corruption if the context was established using the IAKERB mechanism.
Historically, some vulnerabilities of this nature can be translated
into remote code execution, though the necessary exploits must be
tailored to the individual application and are usually quite
complicated (CVE-2015-2698).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17116
• http://advisories.mageia.org/MGASA-2015-0436.html
• https://lists.fedoraproject.org/pipermail/package-announce/2015-November/171079.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698

SRPMS

5/core

• krb5-1.12.2-8.2.mga5