[SECURITY] [DLA 423-1] krb5 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 423-1] krb5 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 22 Feb 2016 21:43:38 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1602222140120.17530@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : krb5
Version        : 1.8.3+dfsg-4squeeze11
CVE ID         : CVE-2015-8629 CVE-2015-8631
Debian Bug     : 813126 813296

CVE-2015-8629

    It was discovered that an authenticated attacker can cause kadmind
    to read beyond the end of allocated memory by sending a string
    without a terminating zero byte. Information leakage may be possible
    for an attacker with permission to modify the database.

CVE-2015-8631

    It was discovered that an authenticated attacker can cause kadmind
    to leak memory by supplying a null principal name in a request which
    uses one. Repeating these requests will eventually cause kadmind to
    exhaust all available memory.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJWy3L6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH7FkQAMGLBTunTGjpxEiosDsHbrbM
HdrVui6KUi4DqqBolX9/HISbgW6eQpqmLIbeadiYSZCJ4zlLqFeraO0dVUTwAvCJ
Hp9AiWozqIaQSlhYfOUqMGnh1e9NSFMCSMbtD5rsBPbefI7SpcAtO4snp1i0WC3I
RAJ/DURjhsDKzIT9YoiJEqzJKRVZD/ByyF6gwr4Bo8Lf5w9C48k+M82Pt/jNrN3a
5dxMAPo3jmm+yrK2aHZiguE99ioR1L7YulWSy8g2C2ZoYzVhhvNKNNLlLygC6EcU
5LEv9YK9T13ka7DXhytWy+I0C7AinXmM5Y/3jpJB/Nt+Eye0TuaaKMnkcnOD9AX1
AFMqUyHHMFMK3NDMhHKBYz82uCW0UlXaWFQMABjCyNEHKaZRLnERv7na2HjhU+y7
A7+nGkoY8jGSn1zbAX1bl/RON7cjD7njaEfe3/I5J2g1k8TTT2rk4Ooin20nJSJQ
EAINTxqOZGxAEWeEGzUQLA2gKX+9/N6RJoztohIQVC6BlYnr+m8g/nF5EevLRpR/
3K8ovBVC044yGiezEB4Hvq6jskYY6JlKkQAl1lTclRtV+Kka/U3HzJz/yKkw6pec
y2OEHRESLGwSBPpvyF25oOazIU3zeHXsGvGZZT+75vux/E4laTEwWubUjOtgbDfA
zirOd4isQbAi258RLnsC
=1zSt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 424-1] didiwiki security update
Next by Date: [SECURITY] [DLA 425-1] libssh security update
Previous by thread: [SECURITY] [DLA 424-1] didiwiki security update
Next by thread: [SECURITY] [DLA 425-1] libssh security update
Index(es):
- Date
- Thread