MGASA-2014-0345

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0345.html

Import Source

https://advisories.mageia.org/MGASA-2014-0345.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0345

Related

Published

2014-08-22T10:58:14Z

Modified

2014-08-22T10:47:40Z

Summary

Updated krb5 package fixes security vulnerabilities

Details

MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session (CVE-2014-4341, CVE-2014-4342).

MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL pointer dereference, while processing invalid SPNEGO tokens (CVE-2014-4343, CVE-2014-4344).

In MIT Kerberos 5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow) (CVE-2014-4345).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / krb5

Package

Name: krb5
Purl: pkg:rpm/mageia/krb5?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.1-1.4.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / krb5

Package

Name: krb5
Purl: pkg:rpm/mageia/krb5?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.4-1.1.mga4

Ecosystem specific

{
    "section": "core"
}