Описание
Security update for krb5
This update for krb5 fixes the following issues:
- CVE-2016-3120: KDC NULL Pointer Dereference Denial Of Service Vulnerability (bsc#991088)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
krb5-1.12.1-36.4
krb5-32bit-1.12.1-36.4
krb5-client-1.12.1-36.4
SUSE Linux Enterprise Server 12 SP1
krb5-1.12.1-36.4
krb5-32bit-1.12.1-36.4
krb5-client-1.12.1-36.4
krb5-doc-1.12.1-36.4
krb5-plugin-kdb-ldap-1.12.1-36.4
krb5-plugin-preauth-otp-1.12.1-36.4
krb5-plugin-preauth-pkinit-1.12.1-36.4
krb5-server-1.12.1-36.4
SUSE Linux Enterprise Server for SAP Applications 12 SP1
krb5-1.12.1-36.4
krb5-32bit-1.12.1-36.4
krb5-client-1.12.1-36.4
krb5-doc-1.12.1-36.4
krb5-plugin-kdb-ldap-1.12.1-36.4
krb5-plugin-preauth-otp-1.12.1-36.4
krb5-plugin-preauth-pkinit-1.12.1-36.4
krb5-server-1.12.1-36.4
SUSE Linux Enterprise Software Development Kit 12 SP1
krb5-devel-1.12.1-36.4
Ссылки
- Link for SUSE-SU-2016:2136-1
- E-Mail link for SUSE-SU-2016:2136-1
- SUSE Security Ratings
- SUSE Bug 991088
- SUSE CVE CVE-2016-3120 page
Описание
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:krb5-1.12.1-36.4
SUSE Linux Enterprise Desktop 12 SP1:krb5-32bit-1.12.1-36.4
SUSE Linux Enterprise Desktop 12 SP1:krb5-client-1.12.1-36.4
SUSE Linux Enterprise Server 12 SP1:krb5-1.12.1-36.4
Ссылки
- CVE-2016-3120
- SUSE Bug 991088