krb5 was updated to fix three security issues.
These security issues were fixed:
- CVE-2015-2695: Applications which call gss_inquire_context() on a
partially-established SPNEGO context could have caused the GSS-API
library to read from a pointer using the wrong type, generally causing a
process crash. (bsc#952188).
- CVE-2015-2696: Applications which call gss_inquire_context() on a
partially-established IAKERB context could have caused the GSS-API
library to read from a pointer using the wrong type, generally causing a
process crash. (bsc#952189).
- CVE-2015-2697: Incorrect string handling in build_principal_va can lead
to DOS (bsc#952190).