Debian: DSA-3000-1: krb5 security update

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3000-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                      Salvatore Bonaccorso
August 09, 2014                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : krb5
CVE ID         : CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 
                 CVE-2014-4345
Debian Bug     : 753624 753625 755520 755521 757416

Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2014-4341

    An unauthenticated remote attacker with the ability to inject
    packets into a legitimately established GSSAPI application session
    can cause a program crash due to invalid memory references when
    attempting to read beyond the end of a buffer.

CVE-2014-4342

    An unauthenticated remote attacker with the ability to inject
    packets into a legitimately established GSSAPI application session
    can cause a program crash due to invalid memory references when
    reading beyond the end of a buffer or by causing a null pointer
    dereference.

CVE-2014-4343

    An unauthenticated remote attacker with the ability to spoof packets
    appearing to be from a GSSAPI acceptor can cause a double-free
    condition in GSSAPI initiators (clients) which are using the SPNEGO
    mechanism, by returning a different underlying mechanism than was
    proposed by the initiator. A remote attacker could exploit this flaw
    to cause an application crash or potentially execute arbitrary code.

CVE-2014-4344

    An unauthenticated or partially authenticated remote attacker can
    cause a NULL dereference and application crash during a SPNEGO
    negotiation by sending an empty token as the second or later context
    token from initiator to acceptor.

CVE-2014-4345

    When kadmind is configured to use LDAP for the KDC database, an
    authenticated remote attacker can cause it to perform an
    out-of-bounds write (buffer overflow).

For the stable distribution (wheezy), these problems have been fixed in
version 1.10.1+dfsg-5+deb7u2.

For the unstable distribution (sid), these problems have been fixed in
version 1.12.1+dfsg-7.

We recommend that you upgrade your krb5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.