[SECURITY] [DLA 423-1] krb5 security update

2016-02-2220:43:38

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.064 Low

EPSS

Percentile

93.6%

JSON

Package : krb5
Version : 1.8.3+dfsg-4squeeze11
CVE ID : CVE-2015-8629 CVE-2015-8631
Debian Bug : 813126 813296

CVE-2015-8629

It was discovered that an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.

CVE-2015-8631

It was discovered that an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which
uses one. Repeating these requests will eventually cause kadmind to
exhaust all available memory.

OSVersionArchitecturePackageVersionFilename
Debian7i386krb5-gss-samples< 1.10.1+dfsg-5+deb7u7krb5-gss-samples_1.10.1+dfsg-5+deb7u7_i386.deb
Debian7kfreebsd-amd64krb5-kdc< 1.10.1+dfsg-5+deb7u7krb5-kdc_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb
Debian7armhflibkdb5-6< 1.10.1+dfsg-5+deb7u7libkdb5-6_1.10.1+dfsg-5+deb7u7_armhf.deb
Debian7mipsellibkrb5-dev< 1.10.1+dfsg-5+deb7u7libkrb5-dev_1.10.1+dfsg-5+deb7u7_mipsel.deb
Debian7kfreebsd-amd64libkadm5clnt-mit8< 1.10.1+dfsg-5+deb7u7libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb
Debian7s390libk5crypto3< 1.10.1+dfsg-5+deb7u7libk5crypto3_1.10.1+dfsg-5+deb7u7_s390.deb
Debian8arm64libkrad0< 1.12.1+dfsg-19+deb8u2libkrad0_1.12.1+dfsg-19+deb8u2_arm64.deb
Debian7kfreebsd-amd64libkrb5support0< 1.10.1+dfsg-5+deb7u7libkrb5support0_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb
Debian7mipskrb5-kdc< 1.10.1+dfsg-5+deb7u7krb5-kdc_1.10.1+dfsg-5+deb7u7_mips.deb
Debian8kfreebsd-amd64krb5-otp< 1.12.1+dfsg-19+deb8u2krb5-otp_1.12.1+dfsg-19+deb8u2_kfreebsd-amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	i386	krb5-gss-samples	< 1.10.1+dfsg-5+deb7u7	krb5-gss-samples_1.10.1+dfsg-5+deb7u7_i386.deb
Debian	7	kfreebsd-amd64	krb5-kdc	< 1.10.1+dfsg-5+deb7u7	krb5-kdc_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb
Debian	7	armhf	libkdb5-6	< 1.10.1+dfsg-5+deb7u7	libkdb5-6_1.10.1+dfsg-5+deb7u7_armhf.deb
Debian	7	mipsel	libkrb5-dev	< 1.10.1+dfsg-5+deb7u7	libkrb5-dev_1.10.1+dfsg-5+deb7u7_mipsel.deb
Debian	7	kfreebsd-amd64	libkadm5clnt-mit8	< 1.10.1+dfsg-5+deb7u7	libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb
Debian	7	s390	libk5crypto3	< 1.10.1+dfsg-5+deb7u7	libk5crypto3_1.10.1+dfsg-5+deb7u7_s390.deb
Debian	8	arm64	libkrad0	< 1.12.1+dfsg-19+deb8u2	libkrad0_1.12.1+dfsg-19+deb8u2_arm64.deb
Debian	7	kfreebsd-amd64	libkrb5support0	< 1.10.1+dfsg-5+deb7u7	libkrb5support0_1.10.1+dfsg-5+deb7u7_kfreebsd-amd64.deb
Debian	7	mips	krb5-kdc	< 1.10.1+dfsg-5+deb7u7	krb5-kdc_1.10.1+dfsg-5+deb7u7_mips.deb
Debian	8	kfreebsd-amd64	krb5-otp	< 1.12.1+dfsg-19+deb8u2	krb5-otp_1.12.1+dfsg-19+deb8u2_kfreebsd-amd64.deb