openSUSE-SU-2016:2268-1

Опубликовано: 08 сент. 2016

Источник: suse-cvrf

Описание

Security update for krb5

This update for krb5 fixes the following issues:

CVE-2016-3120: KDC NULL Pointer Dereference Denial Of Service Vulnerability (bsc#991088)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

krb5-1.12.1-36.3

krb5-32bit-1.12.1-36.3

krb5-client-1.12.1-36.3

krb5-devel-1.12.1-36.3

krb5-devel-32bit-1.12.1-36.3

krb5-doc-1.12.1-36.3

krb5-mini-1.12.1-36.1

krb5-mini-devel-1.12.1-36.1

krb5-plugin-kdb-ldap-1.12.1-36.3

krb5-plugin-preauth-otp-1.12.1-36.3

krb5-plugin-preauth-pkinit-1.12.1-36.3

krb5-server-1.12.1-36.3

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html
E-Mail link for openSUSE-SU-2016:2268-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

Затронутые продукты

openSUSE Leap 42.1:krb5-1.12.1-36.3

openSUSE Leap 42.1:krb5-32bit-1.12.1-36.3

openSUSE Leap 42.1:krb5-client-1.12.1-36.3

openSUSE Leap 42.1:krb5-devel-1.12.1-36.3

Ссылки

https://www.suse.com/security/cve/CVE-2016-3120.html
CVE-2016-3120
https://bugzilla.suse.com/991088
SUSE Bug 991088

openSUSE-SU-2016:2268-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-3120

Описание

Затронутые продукты

Ссылки