[ubuntu/trusty-security] krb5 1.12+dfsg-2ubuntu4.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Aug 11 12:51:30 UTC 2014
krb5 (1.12+dfsg-2ubuntu4.2) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via invalid tokens
- debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
- CVE-2014-4341
- CVE-2014-4342
* SECURITY UPDATE: denial of service via double-free in SPNEGO
- debian/patches/CVE-2014-4343.patch: fix double-free in
src/lib/gssapi/spnego/spnego_mech.c.
- CVE-2014-4343
* SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
- debian/patches/CVE-2014-4344.patch: validate REMAIN in
src/lib/gssapi/spnego/spnego_mech.c.
- CVE-2014-4344
* SECURITY UPDATE: denial of service and possible code execution in
kadmind with LDAP backend
- debian/patches/CVE-2014-4345.patch: fix off-by-one in
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
- CVE-2014-4345
Date: 2014-08-08 19:21:12.745040+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/trusty/+source/krb5/1.12+dfsg-2ubuntu4.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list