MiracleLinux 7 : krb5-1.13.2-10.el7 (AXSA:2015-622:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-622:02 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

CentOS: Security Advisory for qemu-guest-agent (CESA-2015:2694)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: Vulnerabilities in MIT Kerberos 5 (krb5) affect PowerKVM (CVE-2014-5355, CVE-2015-2694)

Summary PowerKVM is affected by two vulnerabilities in MIT Kerberos 5 krb5. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2014-5355 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference in the krb5recvauth function. By sending...

Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1

1.13.7-alt0.M70P.1 built April 13, 2017 Evgeny Sinelnikov in task 180726 March 24, 2017 Evgeny Sinelnikov - Update to supported security release Fixes: CVE-2014-5355, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2698, CVE-2015-2697, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631,...

Scientific Linux Security Update : krb5 on SL7.x x86_64 (20151119)

It was found that the krb5readmessage function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. CVE-2014-5355 A flaw was found in t...

Medium: krb5

Issue Overview: A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line...

CentOS 7 : krb5 (CESA-2015:2154)

Updated krb5 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

krb5 security update

CentOS Errata and Security Advisory CESA-2015:2154 Updated krb5 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabili...

Oracle: Security Advisory (ELSA-2015-2154)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-2810-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2810-1: Kerberos vulnerabilities

It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2002-2443 It was discovered that Kerberos...

Security fix for the ALT Linux 8 package krb5 version 1.13.2-alt1

Oct. 20, 2015 Alexey Shabalin 1.13.2-alt1 - 1.13.2 - fixed CVE-2014-5355, CVE-2015-2694 - add patches from fedora...

SUSE SLES12 Security Update : krb5 (SUSE-SU-2015:1276-1)

krb5 was updated to fix four security issues. These security issues were fixed : - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name bsc910457. - CVE-2014-5354: NULL pointer dereference when using keyless entries bsc910458. - CVE-2014-5355: Denial of service...

krb5: multiple issues

CVE-2014-5355 denial of service When a server process uses the krb5recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

Fedora Update for krb5 FEDORA-2015-7866

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : krb5-1.12.2-17.fc21 (2015-7878)

Security fix for CVE-2015-2694 Security fix for CVE-2014-5353 this was fixed in an older build but the announcement was lost Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean an...

CVE-2015-2694

MIT Kerberos 5 (krb5) 1.12.x and 1.13.x prior to 1.13.2 are vulnerable due to the kdcpreauth modules (OTP and PKINIT) not tracking client validation, enabling a remote attacker to bypass requires_preauth by submitting zero bytes or an arbitrary realm name. This can lead to obtaining a ciphertext ...

Fedora 22 : krb5-1.13.1-3.fc22 (2015-7866)

Security fix for CVE-2015-2694 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...