Lucene search
GoogleOSV:DLA-340-1HistoryNov 07, 2015 - 12:00 a.m.
krb5 - security update
2015-11-0700:00:00
Google
osv.dev
8
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:
- CVE-2015-2695
It was discovered that applications which call gss_inquire_context()
on a partially-established SPNEGO context can cause the GSS-API
library to read from a pointer using the wrong type, leading to a
process crash. - CVE-2015-2697
It was discovered that the build_principal_va() function incorrectly
handles input strings. An authenticated attacker can take advantage
of this flaw to cause a KDC to crash using a TGS request with a
large realm field beginning with a null byte.
For the oldoldstable distribution (squeeze), these problems have been
fixed in version 1.8.3+dfsg-4squeeze10.
We recommend that you upgrade your krb5 packages.
References
Related
nessus
nessus
Debian DLA-340-1 : krb5 security update
2015-11-09 00:00:00
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2015:1897-1)
2015-11-05 00:00:00
GLSA-201611-14 : MIT Kerberos 5: Multiple vulnerabilities
2016-11-21 00:00:00
debian
debian
[SECURITY] [DLA 340-1] krb5 security update
2015-11-07 18:23:24
[SECURITY] [DSA 3395-1] krb5 security update
2015-11-06 19:49:54
[SECURITY] [DSA 3395-1] krb5 security update
2015-11-06 19:50:12
openvas
openvas
Debian: Security Advisory (DLA-340-1)
2023-03-08 00:00:00
openSUSE: Security Advisory for krb5 (openSUSE-SU-2015:1928-1)
2015-11-07 00:00:00
SUSE: Security Advisory for krb5 (SUSE-SU-2015:1897-1)
2015-11-05 00:00:00
osv
osv
krb5 - security update
2015-11-06 00:00:00
krb5 - security update
2015-11-06 00:00:00
suse
suse
Security update for krb5 (important)
2015-11-06 18:12:23
Security update for krb5 (important)
2015-11-04 10:11:32
Security update for krb5 (important)
2015-11-16 11:12:28
fedora
fedora
[SECURITY] Fedora 23 Update: krb5-1.13.2-12.fc23
2015-11-02 18:55:23
[SECURITY] Fedora 22 Update: krb5-1.13.2-10.fc22
2015-11-19 12:25:51
[SECURITY] Fedora 21 Update: krb5-1.12.2-19.fc21
2015-11-24 22:51:08
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2015-11-07 23:11:27
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2016-11-20 00:00:00
cve
cve
CVE-2015-2697
2015-11-09 03:59:00
CVE-2015-2695
2015-11-09 03:59:00
ubuntucve
ubuntucve
CVE-2015-2697
2015-11-08 00:00:00
CVE-2015-2695
2015-11-08 00:00:00
debiancve
debiancve
CVE-2015-2697
2015-11-09 03:59:00
CVE-2015-2695
2015-11-09 03:59:00
prion
prion
Out-of-bounds
2015-11-09 03:59:00
Design/Logic Flaw
2015-11-09 03:59:00
ubuntu
ubuntu
Kerberos vulnerabilities
2015-11-12 00:00:00
ibm
ibm
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.14.2-alt1
2016-04-26 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.14.2-alt1
2016-04-25 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1
2017-04-13 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related for OSV:DLA-340-1