Overview

File _patchinfo of Package patchinfo.import5303

<patchinfo incident="krb5" version="5303">
  <issue tracker="bnc" id="719393" />
  <issue tracker="CVE" id="CVE-2011-1526" />
  <issue tracker="CVE" id="CVE-2011-1528" />
  <issue tracker="CVE" id="CVE-2011-1529" />
  <category>security</category>
  <rating>low</rating>
  <summary>krb5: fixed kdc remote denial of service ( CVE-2011-1528, CVE-2011-1529) and unauthorized file access (CVE-2011-1526)</summary>
  <description>The following issues have been fixed: 

- CVE-2011-1528: In releases krb5-1.8 and later, the KDC
  can crash due  to an assertion failure. 
- CVE-2011-1529: In releases krb5-1.8 and later, the KDC
  can crash due  to a null pointer dereference. 

Both bugs could be triggered by unauthenticated remote
attackers.  Additionally CVE-2011-1526 was fixed that
allowed authenticated users to  access files via krb5 ftpd
they should not have access to.
</description>
  <packager>adrianSuSE</packager>
</patchinfo>
openSUSE Build Service is sponsored by
Places