Fedora 21: krb5 Security Update 2015-7878
Summary
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.
Update Information:
Security fix for CVE-2015-2694 Security fix for CVE-2014-5353 (this was fixed in an older build but the announcement was lost)
Change Log
* Mon May 4 2015 Roland Mainz
References
[ 1 ] Bug #1216133 - CVE-2015-2694 krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass https://bugzilla.redhat.com/show_bug.cgi?id=1216133 [ 2 ] Bug #1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name https://bugzilla.redhat.com/show_bug.cgi?id=1174543
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update krb5' at the command line. For more information, refer to "Managing Software with yum", available at .