SUSE-SU-2015:1897-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 30 Oct 2015, 10:30
Last modified:02 May 2025, 04:04
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
30 Oct 2015, 10:30
Published
Vulnerability first disclosed
02 May 2025, 04:04
Last Modified
Vulnerability information updated
Description
Security update for krb5 krb5 was updated to fix three security issues. These security issues were fixed: - CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952188). - CVE-2015-2696: Applications which call gss_inquire_context() on a partially-established IAKERB context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952189). - CVE-2015-2697: Incorrect string handling in build_principal_va can lead to DOS (bsc#952190).
Affected Systems
- suse•krb5&distro=SUSE Linux Enterprise Desktop 12
< 1.12.1-19.1
- suse•krb5&distro=SUSE Linux Enterprise Server 12
< 1.12.1-19.1
- suse•krb5&distro=SUSE Linux Enterprise Server for SAP Applications 12
< 1.12.1-19.1
- suse•krb5&distro=SUSE Linux Enterprise Software Development Kit 12
< 1.12.1-19.1
References (8)
- https://www.suse.com/support/update/announcement/2015/suse-su-20151897-1/
- https://bugzilla.suse.com/948011
- https://bugzilla.suse.com/952188
- https://bugzilla.suse.com/952189
- https://bugzilla.suse.com/952190
- https://www.suse.com/security/cve/CVE-2015-2695
- https://www.suse.com/security/cve/CVE-2015-2696
- https://www.suse.com/security/cve/CVE-2015-2697