Security update for krb5
krb5 was updated to fix three security issues.
These security issues were fixed:
- CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952188).
- CVE-2015-2696: Applications which call gss_inquire_context() on a partially-established IAKERB context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952189).
- CVE-2015-2697: Incorrect string handling in build_principal_va can lead to DOS (bsc#952190).
-
Submitted by
Howard Guo (guohouzuo)
Fixed bugs
bnc#952190
VUL-0: CVE-2015-2697: krb5: invalid string processing
bnc#952189
VUL-0: CVE-2015-2696: krb5: IAKERB context aliasing bugs
bnc#952188
VUL-0: CVE-2015-2695: krb5: SPNEGO context aliasing bugs
