MGASA-2016-0052

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0052.html

Import Source

https://advisories.mageia.org/MGASA-2016-0052.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0052

Related

Published

2016-02-05T17:26:09Z

Modified

2016-02-05T17:17:04Z

Summary

Updated krb5 packages fix security vulnerability

Details

In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database (CVE-2015-8629).

In MIT krb5 1.12 and later, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask (CVE-2015-8630).

In all versions of MIT krb5, an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory (CVE-2015-8631).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / krb5

Package

Name: krb5
Purl: pkg:rpm/mageia/krb5?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.2-8.3.mga5

Ecosystem specific

{
    "section": "core"
}