File _patchinfo of Package patchinfo

<patchinfo incident="3616">
  <packager>varkoly</packager>
  <issue tracker="bnc" id="910457">VUL-1: CVE-2014-5353: brb5: NULL pointer dereference when using a ticket policy name as a password policy name</issue>
  <issue tracker="bnc" id="910458">VUL-1: CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries</issue>
  <issue tracker="cve" id="CVE-2014-5353"></issue>
  <issue tracker="cve" id="CVE-2014-5354"></issue>
  <issue tracker="cve" id="CVE-2014-5355"></issue>
  <issue tracker="bnc" id="918595">VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for krb5</summary>
  <description>krb5 was updated to fix three security issues.

Remote authenticated users could cause denial of service.

On openSUSE 13.1 and 13.2 krb5 was updated to fix the following vulnerabilities:
- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name
- bnc#918595: CVE-2014-5355: krb5: denial of service in krb5_read_message
On openSUSE 13.1 krb5 was updated to fix the following vulnerability:
- bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries
</description>
</patchinfo>