33 matches found
MiracleLinux 3 : krb5-1.6.1-80.AXS3 (AXSA:2014-537:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-537:02 advisory. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practi...
K15566: Kerberos vulnerability CVE-2014-4345
Security Advisory Description Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause...
Oracle: Security Advisory (ELSA-2014-1389)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2014-443)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for krb5 FEDORA-2015-2382
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for krb5 RHSA-2015:0439-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : krb5 (RHSA-2015:0439)
Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
FreeBSD : krb5 1.11 -- New release/fix multiple vulnerabilities (dbf9e66c-bd50-11e4-a7ba-206a8a720317)
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6 : Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...
krb5 1.11 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6: Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...
Oracle Solaris Third-Party Patch Update : kerberos (cve_2014_4345_numeric_errors)
The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/ libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12....
OracleVM 3.3 : krb5 (OVMSA-2014-0034)
The remote OracleVM system is missing necessary patches to address critical security updates : - actually apply that last patch - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1128157 - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to...
Amazon Linux AMI : krb5 (ALAS-2014-443)
It was found that if a KDC served multiple realms, certain requests could cause the setupserverrealm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418 , CVE-2013-6800 A NULL pointer...
Medium: krb5
Issue Overview: It was found that if a KDC served multiple realms, certain requests could cause the setupserverrealm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418, CVE-2013-6800 A NU...
Oracle Linux 6 : krb5 (ELSA-2014-1389)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1389 advisory. - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1128157 - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344...
krb5 security and bug fix update
1.10.3-33 - actually apply that last patch 1.10.3-32 - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1128157 1.10.3-31 - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target...
CentOS 5 : krb5 (CESA-2014:1255)
Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from t...
CentOS Update for krb5-devel CESA-2014:1255 centos5
Check the version of krb5-devel SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882052";...
RHEL 6 : krb5 (RHSA-2014:1389)
Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...
krb5 security update
CentOS Errata and Security Advisory CESA-2014:1255 Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...
krb5 security update
1.6.1-80.el5 - rebuild 1.6.1-79.el5 - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1132785...