Description
Security update for krb5
This update for krb5 fixes the following issues:
- CVE-2015-8629: Information leak by authenticated attackers with permissions to modify the database (bsc#963968)
- CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in a request (bsc#963975)
Package list
SUSE Linux Enterprise Desktop 11 SP4
krb5-1.6.3-133.49.106.1
krb5-32bit-1.6.3-133.49.106.1
krb5-client-1.6.3-133.49.106.1
SUSE Linux Enterprise Server 11 SP4
krb5-1.6.3-133.49.106.1
krb5-32bit-1.6.3-133.49.106.1
krb5-apps-clients-1.6.3-133.49.106.1
krb5-apps-servers-1.6.3-133.49.106.1
krb5-client-1.6.3-133.49.106.1
krb5-server-1.6.3-133.49.106.1
krb5-x86-1.6.3-133.49.106.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
krb5-1.6.3-133.49.106.1
krb5-32bit-1.6.3-133.49.106.1
krb5-apps-clients-1.6.3-133.49.106.1
krb5-apps-servers-1.6.3-133.49.106.1
krb5-client-1.6.3-133.49.106.1
krb5-server-1.6.3-133.49.106.1
krb5-x86-1.6.3-133.49.106.1
SUSE Linux Enterprise Software Development Kit 11 SP4
krb5-devel-1.6.3-133.49.106.1
krb5-devel-32bit-1.6.3-133.49.106.1
krb5-server-1.6.3-133.49.106.1
References
- Link for SUSE-SU-2016:0430-1
- E-Mail link for SUSE-SU-2016:0430-1
- SUSE Security Ratings
- SUSE Bug 963968
- SUSE Bug 963975
- SUSE CVE CVE-2015-8629 page
- SUSE CVE CVE-2015-8631 page
Description
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
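Added example (not part of the advisory and not MIT krb5 source): a simplified decoder for a length-prefixed, NUL-terminated string that rejects input whose '\0' bytes are not where the declared length says they should be. The wire format, the function names and the status codes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified, hypothetical decoder; not MIT krb5 code. Assumed wire format:
 * 4-byte big-endian length counting the terminating NUL, then that many
 * bytes; a length of 0 encodes a NULL string. */
enum { NS_OK, NS_TRUNCATED, NS_NO_TERMINATOR, NS_EMBEDDED_NUL, NS_NOMEM };

int decode_nullstring(const unsigned char *buf, size_t buflen, char **out)
{
    uint32_t size;

    *out = NULL;
    if (buflen < 4)
        return NS_TRUNCATED;
    size = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8) | buf[3];
    if (size == 0)
        return NS_OK;                 /* encoded NULL string */
    if (size > buflen - 4)
        return NS_TRUNCATED;          /* declared length exceeds the input */
    buf += 4;
    /* The last byte must be '\0', otherwise strlen() on the copy reads out
     * of bounds; no earlier byte may be '\0', so length and content agree. */
    if (buf[size - 1] != '\0')
        return NS_NO_TERMINATOR;
    if (memchr(buf, '\0', size - 1) != NULL)
        return NS_EMBEDDED_NUL;
    if ((*out = malloc(size)) == NULL)
        return NS_NOMEM;
    memcpy(*out, buf, size);
    return NS_OK;
}

/* Constructed sample inputs. */
const unsigned char sample_ok[]       = {0, 0, 0, 4, 'a', 'b', 'c', 0};
const unsigned char sample_noterm[]   = {0, 0, 0, 3, 'a', 'b', 'c'};
const unsigned char sample_embedded[] = {0, 0, 0, 4, 'a', 0, 'c', 0};

/* Decode, release the result, and return the status code. */
int check(const unsigned char *buf, size_t len)
{
    char *s;
    int rc = decode_nullstring(buf, len, &s);
    free(s);
    return rc;
}
```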
Affected products
SUSE Linux Enterprise Desktop 11 SP4:krb5-1.6.3-133.49.106.1
SUSE Linux Enterprise Desktop 11 SP4:krb5-32bit-1.6.3-133.49.106.1
SUSE Linux Enterprise Desktop 11 SP4:krb5-client-1.6.3-133.49.106.1
SUSE Linux Enterprise Server 11 SP4:krb5-1.6.3-133.49.106.1
References
- CVE-2015-8629
- SUSE Bug 770172
- SUSE Bug 963968
Description
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
Affected products
SUSE Linux Enterprise Desktop 11 SP4:krb5-1.6.3-133.49.106.1
SUSE Linux Enterprise Desktop 11 SP4:krb5-32bit-1.6.3-133.49.106.1
SUSE Linux Enterprise Desktop 11 SP4:krb5-client-1.6.3-133.49.106.1
SUSE Linux Enterprise Server 11 SP4:krb5-1.6.3-133.49.106.1
References
- CVE-2015-8631
- SUSE Bug 963975