MGASA-2015-0066

Description

Updated krb5 packages fix security vulnerabilities Updated krb5 packages fix security vulnerabilities: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code (CVE-2014-5352). Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code (CVE-2014-9421). Incorrect processing of two-component server principals might result in impersonation attacks (CVE-2014-9422). An information leak in the libgssrpc library (CVE-2014-9423).

Affected Systems

• mageia•krb5

  < 1.11.4-1.4.mga4

References (4)

• https://advisories.mageia.org/MGASA-2015-0066.html
• https://bugs.mageia.org/show_bug.cgi?id=15202
• http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
• https://www.debian.org/security/2015/dsa-3153