Security update for krb5
This update for krb5 fixes the following issues:
- CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968)
- CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964)
- CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#963964
VUL-1: CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
bnc#963975
VUL-0: CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
bnc#963968
VUL-1: CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
