Security update for krb5
krb5 was updated to fix three security issues.
Remote authenticated users could cause denial of service.
On openSUSE 13.1 and 13.2 krb5 was updated to fix the following vulnerabilities:
- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name
- bnc#918595: CVE-2014-5355: krb5: denial of service in krb5_read_message
On openSUSE 13.1 krb5 was updated to fix the following vulnerability:
- bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries
-
Submitted by
Peter Varkoly (varkoly)
Fixed bugs
bnc#910457
VUL-1: CVE-2014-5353: brb5: NULL pointer dereference when using a ticket policy name as a password policy name
bnc#910458
VUL-1: CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
bnc#918595
VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message
