Debian Security Advisory
DLA-146-1 krb5 -- LTS security update
- Date Reported: 07 Feb 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423.
- More information:
Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:
Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.
Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.
Incorrect processing of two-component server principals might result in impersonation attacks.
An information leak in the libgssrpc library.
For Debian 6 Squeeze, these issues have been fixed in krb5 version 1.8.3+dfsg-4squeeze9.