8 matches found
Medium: krb5
Issue Overview: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that...
krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application...
Debian DLA-146-1 : krb5 security update
Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos: CVE-2014-5352 Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code. CVE-2014-9421 Incorrect memory management in kadmind's processing of...
Updated krb5 packages fix security vulnerabilities
Updated krb5 packages fix security vulnerabilities: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code (CVE-2014-5352). Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the...
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2498-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2498-1 advisory. It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this iss...
[SECURITY] [DLA 146-1] krb5 security update
Package: krb5 Version: 1.8.3+dfsg-4squeeze9 CVE ID: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos: CVE-2014-5352 Incorrect memory management in the libgssapi_krb5 library might result in denial of...
Fedora 20 : krb5-1.11.3-29.fc20 (2013-20687)
This update incorporates a backported fix to make libgssapi_krb5's credential import routines work better, which is needed by newer versions of gssproxy, and corrects a packaging error which resulted in the /etc/gss directory not being owned by any packages. Further, it incorporates a fix for a...
Critical: krb5 security update
1.3.4-54.el46.1 - add preliminary patch to fix use of uninitialized pointer / double-free in KDC CVE-2008-0062, CVE-2008-0063 432620, 432621 - add backported patch to fix double-free in libgssapi_krb5 CVE-2007-5971 415351...