Description
Security update for krb5
The krb5 package was updated to fix the following security issue:
- CVE-2015-2698: Fixed a memory corruption regression introduced by the fix for CVE-2015-2698 (bsc#954204).
Package list
SUSE Linux Enterprise Desktop 12
krb5-1.12.1-22.5
krb5-32bit-1.12.1-22.5
krb5-client-1.12.1-22.5
SUSE Linux Enterprise Desktop 12 SP1
krb5-1.12.1-22.5
krb5-32bit-1.12.1-22.5
krb5-client-1.12.1-22.5
SUSE Linux Enterprise Server 12
krb5-1.12.1-22.5
krb5-32bit-1.12.1-22.5
krb5-client-1.12.1-22.5
krb5-doc-1.12.1-22.5
krb5-plugin-kdb-ldap-1.12.1-22.5
krb5-plugin-preauth-otp-1.12.1-22.5
krb5-plugin-preauth-pkinit-1.12.1-22.5
krb5-server-1.12.1-22.5
SUSE Linux Enterprise Server 12 SP1
krb5-1.12.1-22.5
krb5-32bit-1.12.1-22.5
krb5-client-1.12.1-22.5
krb5-doc-1.12.1-22.5
krb5-plugin-kdb-ldap-1.12.1-22.5
krb5-plugin-preauth-otp-1.12.1-22.5
krb5-plugin-preauth-pkinit-1.12.1-22.5
krb5-server-1.12.1-22.5
SUSE Linux Enterprise Server for SAP Applications 12
krb5-1.12.1-22.5
krb5-32bit-1.12.1-22.5
krb5-client-1.12.1-22.5
krb5-doc-1.12.1-22.5
krb5-plugin-kdb-ldap-1.12.1-22.5
krb5-plugin-preauth-otp-1.12.1-22.5
krb5-plugin-preauth-pkinit-1.12.1-22.5
krb5-server-1.12.1-22.5
SUSE Linux Enterprise Server for SAP Applications 12 SP1
krb5-1.12.1-22.5
krb5-32bit-1.12.1-22.5
krb5-client-1.12.1-22.5
krb5-doc-1.12.1-22.5
krb5-plugin-kdb-ldap-1.12.1-22.5
krb5-plugin-preauth-otp-1.12.1-22.5
krb5-plugin-preauth-pkinit-1.12.1-22.5
krb5-server-1.12.1-22.5
SUSE Linux Enterprise Software Development Kit 12
krb5-devel-1.12.1-22.5
SUSE Linux Enterprise Software Development Kit 12 SP1
krb5-devel-1.12.1-22.5
References
- Link for SUSE-SU-2015:2302-1
- E-Mail link for SUSE-SU-2015:2302-1
- SUSE Security Ratings
- SUSE Bug 954204
- SUSE CVE CVE-2015-2698 page
Description
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:krb5-1.12.1-22.5
SUSE Linux Enterprise Desktop 12 SP1:krb5-32bit-1.12.1-22.5
SUSE Linux Enterprise Desktop 12 SP1:krb5-client-1.12.1-22.5
SUSE Linux Enterprise Desktop 12:krb5-1.12.1-22.5
References
- CVE-2015-2698
- SUSE Bug 770172
- SUSE Bug 954204