737 matches found
krb5 security and bug fix update
1.6.1-78.el5 - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344, 1121509 1.6.1-77.el5 - fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341 1.6.1-76.el5 - run the backported self-tests, such as they are, for CVE-2014-4341...
krb5: denial of service flaws when handling padding length longer than the plaintext
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...
RHEL 5 : krb5 (RHSA-2014:1245)
Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
AIX NAS Advisory : nas_advisory1.asc
The version of the Network Authentication Service NAS installed on the remote AIX host is affected by the following vulnerabilities related to Kerberos 5 : - An attacker can cause a denial of service buffer over-read and application crash by injecting invalid tokens into a GSSAPI application...
Updated krb5 package fixes security vulnerabilities
MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session CVE-2014-4341, CVE-2014-4342. MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL...
[DLA 37-1] krb5 security update
Package : krb5 Version : 1.8.3+dfsg-4squeeze8 CVE ID : CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 Debian Bug : 753624 753625 755520 755521 757416 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposure...
DLA-37-1 krb5 - security update
Bulletin has no description...
Debian DSA-3000-1 : krb5 - security update
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI...
[SECURITY] [DSA 3000-1] krb5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3000-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 09, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3000-1 (krb5 - security update)
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI...
DSA-3000-1 krb5 - security update
Bulletin has no description...
Fedora 20 : krb5-1.11.5-10.fc20 (2014-8189)
This update incorporates backported upstream fixes for potential crashes caused by attempts to process malformed GSSAPI messages CVE-2014-4341, CVE-2014-4342. It also incorporates fexes for a possible double-free CVE-2014-4343 and a possible NULL pointer dereference CVE-2014-4344 in GSSAPI client...
Fedora 19 : krb5-1.11.3-24.fc19 (2014-8176)
This update incorporates backported upstream fixes for potential crashes caused by attempts to process malformed GSSAPI messages CVE-2014-4341, CVE-2014-4342. It also incorporates fexes for a possible double-free CVE-2014-4343 and a possible NULL pointer dereference CVE-2014-4344 in GSSAPI client...
CVE-2014-4341
MIT Kerberos 5 aka krb5 before 1.12.2 allows remote attackers to cause a denial of service buffer over-read and application crash by injecting invalid tokens into a GSSAPI application session...
CVE-2014-4342
MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...
DEBIAN-CVE-2014-4342
MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...
CVE-2014-4342
MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...
Design/Logic Flaw
MIT Kerberos 5 aka krb5 before 1.12.2 allows remote attackers to cause a denial of service buffer over-read and application crash by injecting invalid tokens into a GSSAPI application session...
Null pointer dereference
MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...
CVE-2014-4342
MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...