Debian Security Advisory

DLA-423-1 krb5 -- LTS security update

Date Reported: 22 Feb 2016
Affected Packages: krb5
Vulnerable: Yes
Security database references:
  In the Debian bugtracking system: Bug 813126, Bug 813296.
  In Mitre's CVE dictionary: CVE-2015-8629, CVE-2015-8631.
More information:
  • CVE-2015-8629

    It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database.

  • CVE-2015-8631

    It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory.
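The missing-terminator condition described under CVE-2015-8629 comes down to a decoder handing out a buffer as a C string without confirming its last byte is zero. The following is an added example of that validation, not code from krb5 or from this advisory; the wire format, `decode_cstring` and `MAX_STR_LEN` are hypothetical and the sample messages are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STR_LEN 4096u /* constructed limit for this example */

/* Hypothetical wire format (an assumption, not krb5's real encoding):
 * 4-byte big-endian length, then that many bytes, the last of which must
 * be the terminating zero byte. Returns 0 and a malloc'ed string in *out,
 * or -1 if the message is rejected. */
int decode_cstring(const uint8_t *wire, size_t wire_len, char **out)
{
    uint32_t len;
    char *buf;

    *out = NULL;
    if (wire_len < 4)
        return -1;
    len = ((uint32_t)wire[0] << 24) | ((uint32_t)wire[1] << 16) |
          ((uint32_t)wire[2] << 8) | (uint32_t)wire[3];
    /* Declared length must be non-zero, bounded, and fully present. */
    if (len == 0 || len > MAX_STR_LEN || len > wire_len - 4)
        return -1;
    buf = malloc(len);
    if (buf == NULL)
        return -1;
    memcpy(buf, wire + 4, len);
    /* Without this check, a later strlen() or strcpy() on buf would read
     * past the len-byte allocation when the sender omitted the terminator. */
    if (buf[len - 1] != '\0') {
        free(buf);   /* free on the reject path so bad requests do not leak */
        return -1;
    }
    *out = buf;
    return 0;
}

/* Constructed sample inputs: "abc" with and without its terminator. */
static const uint8_t good_msg[] = { 0, 0, 0, 4, 'a', 'b', 'c', 0 };
static const uint8_t bad_msg[]  = { 0, 0, 0, 4, 'a', 'b', 'c', 'd' };

int main(void)
{
    char *s;
    int ok = decode_cstring(good_msg, sizeof good_msg, &s) == 0;
    free(s);
    ok = ok && decode_cstring(bad_msg, sizeof bad_msg, &s) == -1;
    return ok ? 0 : 1;
}
```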