SUSE-SU-2015:1276-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 14 Jul 2015, 12:55
Last modified:04 Feb 2026, 04:05
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Jul 2015, 12:55
Published
Vulnerability first disclosed
04 Feb 2026, 04:05
Last Modified
Vulnerability information updated
Description
Security update for krb5 krb5 was updated to fix four security issues. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). - CVE-2015-2694: OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass (bsc#928978).
Affected Systems
- suse•krb5&distro=SUSE Linux Enterprise Server 12
< 1.12.1-16.1
- suse•krb5&distro=SUSE Linux Enterprise Server for SAP Applications 12
< 1.12.1-16.1
- suse•krb5&distro=SUSE Linux Enterprise Software Development Kit 12
< 1.12.1-16.1
References (9)
- https://www.suse.com/support/update/announcement/2015/suse-su-20151276-1/
- https://bugzilla.suse.com/910457
- https://bugzilla.suse.com/910458
- https://bugzilla.suse.com/918595
- https://bugzilla.suse.com/928978
- https://www.suse.com/security/cve/CVE-2014-5353
- https://www.suse.com/security/cve/CVE-2014-5354
- https://www.suse.com/security/cve/CVE-2014-5355
- https://www.suse.com/security/cve/CVE-2015-2694