krb5 security update

🗓️ 20 Oct 2014 18:09:24Reported by CentOS ProjectType

Kerberos network authentication system has multiple vulnerabilities including NULL pointer dereference, buffer overflow, and double-free flaws. Update to patched packages.

Reporter	Title	Published	Views	Family All 247
IBM Security Bulletins	Security Bulletin: IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418 )	23 Feb 202219:48	–	ibm
IBM Security Bulletins	Security Bulletin: Power Hardware Management Console is affected by security vulnerabilities in Kerberos (CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423)	23 Sep 202101:31	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities affect IBM's Advanced Management Module (AMM)	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos	2 Jun 202213:24	–	ibm
Tenable Nessus	AIX NAS Advisory : nas_advisory1.asc	4 Sep 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : krb5 (ALAS-2014-443)	18 Nov 201400:00	–	nessus
Tenable Nessus	CentOS 5 : krb5 (CESA-2014:1245)	1 Oct 201400:00	–	nessus
Tenable Nessus	CentOS 5 : krb5 (CESA-2014:1255)	14 Oct 201400:00	–	nessus
Tenable Nessus	CentOS 6 : krb5 (CESA-2014:1389)	12 Nov 201400:00	–	nessus
Tenable Nessus	CentOS 7 : krb5 (CESA-2015:0439)	18 Mar 201500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
CentOS	6	i686	krb5-devel	1.10.3-33.el6	krb5-devel-1.10.3-33.el6.i686.rpm
CentOS	6	i686	krb5-libs	1.10.3-33.el6	krb5-libs-1.10.3-33.el6.i686.rpm
CentOS	6	i686	krb5-pkinit-openssl	1.10.3-33.el6	krb5-pkinit-openssl-1.10.3-33.el6.i686.rpm
CentOS	6	i686	krb5-server	1.10.3-33.el6	krb5-server-1.10.3-33.el6.i686.rpm
CentOS	6	i686	krb5-server-ldap	1.10.3-33.el6	krb5-server-ldap-1.10.3-33.el6.i686.rpm
CentOS	6	i686	krb5-workstation	1.10.3-33.el6	krb5-workstation-1.10.3-33.el6.i686.rpm
CentOS	6	i686	krb5-devel	1.10.3-33.el6	krb5-devel-1.10.3-33.el6.i686.rpm
CentOS	6	x86_64	krb5-devel	1.10.3-33.el6	krb5-devel-1.10.3-33.el6.x86_64.rpm
CentOS	6	i686	krb5-libs	1.10.3-33.el6	krb5-libs-1.10.3-33.el6.i686.rpm
CentOS	6	x86_64	krb5-libs	1.10.3-33.el6	krb5-libs-1.10.3-33.el6.x86_64.rpm

Source	Link
twitter	www.twitter.com/centos
steadfast	www.steadfast.net/
rhn	www.rhn.redhat.com/errata/RHSA-2014-1389.html
linkedin	www.linkedin.com/groups/22405
youtube	www.youtube.com/TheCentOSProject
facebook	www.facebook.com/groups/centosproject/
reddit	www.reddit.com/r/CentOS/

20 Oct 2014 18:09Current

6.9Medium risk

Vulners AI Score6.9

CVSS 28.5

EPSS0.14451