[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 146-1] krb5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : krb5
Version        : 1.8.3+dfsg-4squeeze9
CVE ID         : CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423

Multiples vulnerabilities have been found in krb5, the MIT
implementation of Kerberos:

CVE-2014-5352

    Incorrect memory management in the libgssapi_krb5 library might
    result in denial of service or the execution of arbitrary code.

CVE-2014-9421

    Incorrect memory management in kadmind's processing of XDR data
    might result in denial of service or the execution of arbitrary code.

CVE-2014-9422

    Incorrect processing of two-component server principals might result
    in impersonation attacks.

CVE-2014-9423

    An information leak in the libgssrpc library.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJU1e5wXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHoTUP/jLpknqCAZEN8xDZaxea3dlp
A8dvsQBQDVs8SQOzojCx2pYy5Zt0q7kp3Ug4+IyhVzlUgFwSSGTOijUsVT+qh1pO
7EpJZTT29ymZECdASztYGHbXlBRb9/5DXRbjjJP72GDbyD/xLLkILdrwizoYfr2h
k70j2qfGEmfWd9j5B2Yu4cjVCpfItbO+UOiSF0Tib8saVOkKPwkd6HgwLs3ujWOw
PujKDQdmayICImpxah+Yp4Nr1K1GxR8SKtywTM2RWypPB5Ow+NKOdJy2Db0gdocr
HNaeF9zMMNY1AxuEklDcmfIMjVd1XUYJ4mNzwkvGyq5IO9nUSHbl+RsRZqDBOQTN
esxM0W6GlLs+GVa8KTwpMp+FHeVBNk9mk3XqyY7gE8FFLTkv2VWB495Ke0SzoVfs
6pa2umYC4ypnPOtWyL5gBHVlOxyWv++BdDtJszjjy95QKJ6OlVut1c/y8wZ3i+Dg
d0oQ+jh03qPanOzJiw0CpIoNveL6x3pTjVIAQ310AYBU9uDrSK5VJCsrLeWuJFCP
jHo5oFQMXvzIYuKPNLZ3RmmACvGceaFn3gaROFwi7pcsxSEImn4iEV0AD/u8fWWt
OFkDVYZAnbXyXP4LOnustknmNW5291HwF52Y9/GYBdYo+1YXqXpCZa7h69tipJw0
yv+3Y+XF7utCpskyw6yG
=ksi5
-----END PGP SIGNATURE-----


Reply to: