Overview

File _patchinfo of Package patchinfo.1944

<patchinfo incident="1944">
  <issue id="963964" tracker="bnc">VUL-1: CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask</issue>
  <issue id="963975" tracker="bnc">VUL-0: CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request</issue>
  <issue id="963968" tracker="bnc">VUL-1: CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character</issue>
  <issue id="CVE-2015-8629" tracker="cve" />
  <issue id="CVE-2015-8630" tracker="cve" />
  <issue id="CVE-2015-8631" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
This update for krb5 fixes the following issues:

- CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968)
- CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964)
- CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975)
</description>
  <summary>Security update for krb5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places