Debian Security Advisory
DSA-3153-1 krb5 -- security update
- Date Reported: 03 Feb 2015
- Affected Packages: krb5
- Security database references: In Mitre's CVE dictionary: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423.
- More information:
Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:
- Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.
- Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.
- Incorrect processing of two-component server principals might result in impersonation attacks.
- An information leak in the libgssrpc library.
For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u3.
For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-17.
We recommend that you upgrade your krb5 packages.