Overview

File _patchinfo of Package patchinfo.1386

<patchinfo incident="1386">
  <issue id="952190" tracker="bnc">VUL-0: CVE-2015-2697: krb5: invalid string processing</issue>
  <issue id="948011" tracker="bnc">kerberos: kadmin.local manpage refers to kadmin.1 which is in different package</issue>
  <issue id="952189" tracker="bnc">VUL-0: CVE-2015-2696: krb5: IAKERB context aliasing bugs</issue>
  <issue id="952188" tracker="bnc">VUL-0: CVE-2015-2695: krb5: SPNEGO context aliasing bugs</issue>
  <issue id="CVE-2015-2695" tracker="cve" />
  <issue id="CVE-2015-2696" tracker="cve" />
  <issue id="CVE-2015-2697" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>hguo</packager>
  <description>krb5 was updated to fix three security issues.

These security issues were fixed:
- CVE-2015-2695: Applications which call gss_inquire_context() on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952188).
- CVE-2015-2696: Applications which call gss_inquire_context() on a partially-established IAKERB context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. (bsc#952189).
- CVE-2015-2697: Incorrect string handling in build_principal_va can lead to DOS (bsc#952190).
  </description>
  <summary>Security update for krb5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places