Overview

File _patchinfo of Package patchinfo.488

<patchinfo incident="488">
  <packager>varkoly</packager>
  <issue tracker="bnc" id="910458">VUL-1: CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries</issue>
  <issue tracker="bnc" id="910457">VUL-1: CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy name as a password policy name</issue>
  <issue tracker="bnc" id="918595">VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message</issue>
  <issue id="928978" tracker="bnc"></issue>
  <issue tracker="cve" id="CVE-2014-5353"></issue>
  <issue tracker="cve" id="CVE-2014-5355"></issue>
  <issue tracker="cve" id="CVE-2014-5354"></issue>
  <issue id="CVE-2015-2694" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for krb5</summary>
  <description>krb5 was updated to fix four security issues.

These security issues were fixed:
- CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).
- CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).
- CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).
- CVE-2015-2694: OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass (bsc#928978).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places