SUSE: 2015:0257-1 Important: Krb5 Multiple Security Issues
suse
February 11, 2015
An update that fixes four vulnerabilities is now available
Summary
krb5 has been updated to fix four security issues:
* CVE-2014-5352: gss_process_context_token() incorrectly frees context
(bsc#912002)
* CVE-2014-9421: kadmind doubly frees partial deserialization results
(bsc#912002)
* CVE-2014-9422: kadmind incorrectly validates server principal name
(bsc#912002)
* CVE-2014-9423: libgssrpc server applications leak uninitialized
bytes (bsc#912002)
Additionally, these non-security issues have been fixed:
* Winbind process hangs indefinitely without DC. (bsc#872912)
* Hanging winbind processes. (bsc#906557)
Security Issues:
* CVE-2014-5352
Topics Covered
References
#872912 #906557 #912002
Cross- CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
CVE-2014-9423
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
https://www.suse.com/security/cve/CVE-2014-5352.html
https://www.suse.com/security/cve/CVE-2014-9421.html
https://www.suse.com/security/cve/CVE-2014-9422.html
https://www.suse.com/security/cve/CVE-2014-9423.html
https://bugzilla.suse.com/show_bug.cgi?id=872912
https://bugzilla.suse.com/show_bug.cgi?id=906557
https://bugzilla.suse.com/show_bug.cgi?id=912002
https://scc.suse.com:443/patches/
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:0257-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!