SUSE-SU-2015:0257-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150257-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0257-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0257-1
Related
Published
2015-02-06T09:35:09Z
Modified
2015-02-06T09:35:09Z
Summary
Security update for krb5
Details

krb5 has been updated to fix four security issues:

* CVE-2014-5352: gss_process_context_token() incorrectly frees context
  (bsc#912002)
* CVE-2014-9421: kadmind doubly frees partial deserialization results
  (bsc#912002)
* CVE-2014-9422: kadmind incorrectly validates server principal name
  (bsc#912002)
* CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
  (bsc#912002)

Additionally, these non-security issues have been fixed:

* Winbind process hangs indefinitely without DC. (bsc#872912)
* Hanging winbind processes. (bsc#906557)

Security Issues:

* CVE-2014-5352
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352>
* CVE-2014-9421
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421>
* CVE-2014-9422
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422>
* CVE-2014-9423
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423>
References

Affected packages