[ubuntu/xenial-proposed] krb5 1.13.2+dfsg-5 (Accepted)
Sam Hartman
hartmans at debian.org
Sat Feb 27 00:56:15 UTC 2016
krb5 (1.13.2+dfsg-5) unstable; urgency=high
* Security Update
* Verify decoded kadmin C strings [CVE-2015-8629]
CVE-2015-8629: An authenticated attacker can cause kadmind to read
beyond the end of allocated memory by sending a string without a
terminating zero byte. Information leakage may be possible for an
attacker with permission to modify the database. (Closes: #813296)
* Check for null kadm5 policy name [CVE-2015-8630]
CVE-2015-8630: An authenticated attacker with permission to modify a
principal entry can cause kadmind to dereference a null pointer by
supplying a null policy value but including KADM5_POLICY in the mask.
(Closes: #813127)
* Fix leaks in kadmin server stubs [CVE-2015-8631]
CVE-2015-8631: An authenticated attacker can cause kadmind to leak
memory by supplying a null principal name in a request which uses one.
Repeating these requests will eventually cause kadmind to exhaust all
available memory. (Closes: #813126)
Date: 2016-02-23 22:16:43.612192+00:00
Changed-By: Sam Hartman <hartmans at debian.org>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list