MiracleLinux 7 : krb5-1.13.2-10.el7 (AXSA:2015-622:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-622:02 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

Linux Distros Unpatched Vulnerability : CVE-2014-5355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MIT Kerberos 5 aka krb5 through 1.13.1 incorrectly expects that a krb5readmessage data field is represented as a string ending with a '\0' character, which allo...

SUSE: Security Advisory (SUSE-SU-2015:1282-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in MIT Kerberos 5 (krb5) affect PowerKVM (CVE-2014-5355, CVE-2015-2694)

Summary PowerKVM is affected by two vulnerabilities in MIT Kerberos 5 krb5. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2014-5355 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference in the krb5recvauth function. By sending...

Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, and CVE-2014-9422)

Summary IBM Security Network Protection uses Kerberos krb5 to provide network authentication. The Kerberos krb5 version that is shipped with IBM Security Network Protection contains multiple security vulnerabilities. Vulnerability Details CVE-ID: CVE-2014-5352 Description: MIT krb5 could allow a...

[SECURITY] [DLA 1265-1] krb5 security update

Package : krb5 Version : 1.10.1+dfsg-5+deb7u9 CVE ID : CVE-2013-1418 CVE-2014-5351 CVE-2014-5353 CVE-2014-5355 CVE-2016-3119 CVE-2016-3120 Debian Bug : 728845 762479 773226 778647 819468 832572 Kerberos, a system for authenticating users and services on a network, was affected by several...

Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1

1.13.7-alt0.M70P.1 built April 13, 2017 Evgeny Sinelnikov in task 180726 March 24, 2017 Evgeny Sinelnikov - Update to supported security release Fixes: CVE-2014-5355, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2698, CVE-2015-2697, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631,...

Scientific Linux Security Update : krb5 on SL7.x x86_64 (20151119)

It was found that the krb5readmessage function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. CVE-2014-5355 A flaw was found in t...

Medium: krb5

Issue Overview: A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line...

CentOS 7 : krb5 (CESA-2015:2154)

Updated krb5 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

krb5 security update

CentOS Errata and Security Advisory CESA-2015:2154 Updated krb5 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabili...

Oracle: Security Advisory (ELSA-2015-2154)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-2810-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2810-1: Kerberos vulnerabilities

It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2002-2443 It was discovered that Kerberos...

Security fix for the ALT Linux 8 package krb5 version 1.13.2-alt1

Oct. 20, 2015 Alexey Shabalin 1.13.2-alt1 - 1.13.2 - fixed CVE-2014-5355, CVE-2015-2694 - add patches from fedora...

Oracle: Security Advisory (ELSA-2015-0794)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2015:1282-1)

krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed : - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name bsc910457. - CVE-2014-5354: NULL pointer dereference when using...

SUSE SLES12 Security Update : krb5 (SUSE-SU-2015:1276-1)

krb5 was updated to fix four security issues. These security issues were fixed : - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name bsc910457. - CVE-2014-5354: NULL pointer dereference when using keyless entries bsc910458. - CVE-2014-5355: Denial of service...

krb5: multiple issues

CVE-2014-5355 denial of service When a server process uses the krb5recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

SUSE-SU-2015:1282-1 Security update for krb5

krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name bsc910457. - CVE-2014-5354: NULL pointer dereference when using...