Debian Security Advisory
DSA-3153-1 krb5 -- security update
- Date Reported:
- 03 Feb 2015
- Affected Packages:
- krb5
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423.
- More information:
-
Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:
- CVE-2014-5352
Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.
- CVE-2014-9421
Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.
- CVE-2014-9422
Incorrect processing of two-component server principals might result in impersonation attacks.
- CVE-2014-9423
An information leak in the libgssrpc library.
For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u3.
For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-17.
We recommend that you upgrade your krb5 packages.
- CVE-2014-5352