[SECURITY] [DLA 423-1] krb5 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : krb5
Version : 1.8.3+dfsg-4squeeze11
CVE ID : CVE-2015-8629 CVE-2015-8631
Debian Bug : 813126 813296
CVE-2015-8629
It was discovered that an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.
CVE-2015-8631
It was discovered that an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which
uses one. Repeating these requests will eventually cause kadmind to
exhaust all available memory.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJWy3L6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH7FkQAMGLBTunTGjpxEiosDsHbrbM
HdrVui6KUi4DqqBolX9/HISbgW6eQpqmLIbeadiYSZCJ4zlLqFeraO0dVUTwAvCJ
Hp9AiWozqIaQSlhYfOUqMGnh1e9NSFMCSMbtD5rsBPbefI7SpcAtO4snp1i0WC3I
RAJ/DURjhsDKzIT9YoiJEqzJKRVZD/ByyF6gwr4Bo8Lf5w9C48k+M82Pt/jNrN3a
5dxMAPo3jmm+yrK2aHZiguE99ioR1L7YulWSy8g2C2ZoYzVhhvNKNNLlLygC6EcU
5LEv9YK9T13ka7DXhytWy+I0C7AinXmM5Y/3jpJB/Nt+Eye0TuaaKMnkcnOD9AX1
AFMqUyHHMFMK3NDMhHKBYz82uCW0UlXaWFQMABjCyNEHKaZRLnERv7na2HjhU+y7
A7+nGkoY8jGSn1zbAX1bl/RON7cjD7njaEfe3/I5J2g1k8TTT2rk4Ooin20nJSJQ
EAINTxqOZGxAEWeEGzUQLA2gKX+9/N6RJoztohIQVC6BlYnr+m8g/nF5EevLRpR/
3K8ovBVC044yGiezEB4Hvq6jskYY6JlKkQAl1lTclRtV+Kka/U3HzJz/yKkw6pec
y2OEHRESLGwSBPpvyF25oOazIU3zeHXsGvGZZT+75vux/E4laTEwWubUjOtgbDfA
zirOd4isQbAi258RLnsC
=1zSt
-----END PGP SIGNATURE-----
Reply to: