708 matches found
OracleVM 3.3 : rsyslog (OVMSA-2014-0030)
The remote OracleVM system is missing necessary patches to address critical security updates : - use setsid to get a controlling session and process group Orabug: 17346261 Todd Vierling - fix CVE-2014-3634 resolves: 1149148 - drop patch 5 which introduced a regression resolves: 927405 reverts:...
OracleVM 2.1 : krb5 (OVMSA-2009-0003)
The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0844 The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain...
[SECURITY] Fedora 19 Update: python-requests-kerberos-0.6-1.fc19
Requests is an HTTP library, written in Python, for human beings. This library adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...
[SECURITY] Fedora 20 Update: python-requests-kerberos-0.6-1.fc20
Requests is an HTTP library, written in Python, for human beings. This library adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...
[SECURITY] Fedora 21 Update: python-requests-kerberos-0.6-1.fc21
Requests is an HTTP library, written in Python, for human beings. This library adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...
Medium: krb5
Issue Overview: It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418, CVE-2013-6800 A NU...
Oracle Linux 6 : rsyslog7 (ELSA-2014-1654)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1654 advisory. 7.4.10-3 - fix CVE-2014-3634 resolves: 1149150 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 6 : krb5 (ELSA-2014-1389)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1389 advisory. - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1128157 - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344...
Scientific Linux Security Update : krb5 on SL5.x i386/x86_64 (20140916)
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418, CVE-2013-6800 A NULL pointer...
krb5: denial of service flaws when handling padding length longer than the plaintext
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...
MIT Kerberos Invalid RFC 1964 Token Denial of Service (CVE-2014-4342)
A denial-of-service vulnerability exists in the MIT Kerberos 5. A remote, unauthenticated attacker can exploit this vulnerability by injecting packets into a legitimate GSSAPI session and cause the GSSAPI application to crash resulting in a denial-of-service condition...
krb5 security and bug fix update
1.6.1-78.el5 - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344, 1121509 1.6.1-77.el5 - fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341 1.6.1-76.el5 - run the backported self-tests, such as they are, for CVE-2014-4341...
krb5: denial of service flaws when handling padding length longer than the plaintext
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...
RHEL 5 : krb5 (RHSA-2014:1245)
Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
AIX NAS Advisory : nas_advisory1.asc
The version of the Network Authentication Service (NAS) installed on the remote AIX host is affected by the following vulnerabilities related to Kerberos 5 : - An attacker can cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application...
Updated krb5 package fixes security vulnerabilities
MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session (CVE-2014-4341, CVE-2014-4342). MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL...
[DLA 37-1] krb5 security update
Package : krb5 Version : 1.8.3+dfsg-4squeeze8 CVE ID : CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 Debian Bug : 753624 753625 755520 755521 757416 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposure...
DLA-37-1 krb5 - security update
Bulletin has no description...
Debian DSA-3000-1 : krb5 - security update
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI...
[SECURITY] [DSA 3000-1] krb5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3000-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 09, 2014 http://www.debian.org/security/faq -...