SUSE-SU-2015:0257-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0257-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:0257-1
- Related
- Published
- 2015-02-06T09:35:09Z
- Modified
- 2015-02-06T09:35:09Z
- Summary
- Security update for krb5
- Details
-
krb5 has been updated to fix four security issues:
* CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002) * CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002) * CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002) * CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002)Additionally, these non-security issues have been fixed:
* Winbind process hangs indefinitely without DC. (bsc#872912) * Hanging winbind processes. (bsc#906557)Security Issues:
* CVE-2014-5352 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352> * CVE-2014-9421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421> * CVE-2014-9422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422> * CVE-2014-9423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423> - References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20150257-1/
- https://bugzilla.suse.com/872912
- https://bugzilla.suse.com/906557
- https://bugzilla.suse.com/912002
- https://www.suse.com/security/cve/CVE-2014-5352
- https://www.suse.com/security/cve/CVE-2014-9421
- https://www.suse.com/security/cve/CVE-2014-9422
- https://www.suse.com/security/cve/CVE-2014-9423