SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Server 11 SP3 for VMware, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0257-1
Rating:             important
References:         #872912 #906557 #912002
Cross-References:   CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
krb5 has been updated to fix four security issues:
* CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002)
* CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002)
* CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002)
* CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002)
Additionally, these non-security issues have been fixed:
* Winbind process hangs indefinitely without DC. (bsc#872912)
* Hanging winbind processes. (bsc#906557)