(RHSA-2016:22677) Moderate: krb5 security update

Kerberos is a networked authentication system which allows clients and
servers to authenticate to each other with the help of a trusted third
party, the Kerberos KDC.

A memory leak flaw was found in the krb5_unparse_name() function of the MIT
Kerberos kadmind service. An authenticated attacker could repeatedly send
specially crafted requests to the server, which could cause the server to
consume large amounts of memory resources, ultimately leading to a denial
of service due to memory exhaustion. (CVE-2015-8631)

An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)

A NULL pointer dereference flaw was found in the procedure used by the MIT
Kerberos kadmind service to store policies: the kadm5_create_principal_3()
and kadm5_modify_principal() function did not ensure that a policy was
given when KADM5_POLICY was set. An authenticated attacker with permissions
to modify the database could use this flaw to add or modify a principal
with a policy set to NULL, causing the kadmind service to crash.
(CVE-2015-8630)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, running Kerberos services (krb5kdc, kadmin, and kprop)
will be restarted automatically.