drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in krb5
Name: |
Mehrere Probleme in krb5 |
|
ID: |
DSA-3466-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian wheezy, Debian jessie |
|
Datum: |
Do, 4. Februar 2016, 22:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630 |
|
Applikationen: |
MIT Kerberos |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3466-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 04, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : krb5 CVE ID : CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 Debian Bug : 813126 813127 813296
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2015-8629
It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database.
CVE-2015-8630
It was discovered that an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask.
CVE-2015-8631
It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u7. The oldstable distribution (wheezy) is not affected by CVE-2015-8630.
For the stable distribution (jessie), these problems have been fixed in version 1.12.1+dfsg-19+deb8u2.
We recommend that you upgrade your krb5 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJWs7yCAAoJEAVMuPMTQ89E6zkP/0QCDJ5v0GGvYo0wzd9Kkj8c S7jXr1N34kFZCggbVF20C7d0BYYLmrDfyfyQAhDIcnzwbe0NQpyR5sAr3qv8v/xk 4OOTlR/l0DBPwxscGbBI1dIYCFBk/w6Q0f57mbz/QQiGiY/Xnjfd9fs7Muqs4hAb /j4ToBmEUY6tmyS0PZGoyYBYM/zkVPxLT7xjPu9vEtbb2unZhghos2dtaJHVvk7U YjdA25CTWAR2ige38v8Ml+sRsU7UNMmXzhDaeBBhEOKuEBfKycwgfRHaBk7k0YXy 0j89+AZdGLs7kn7YY9QUh3Af+a3L7oiXJ0TG4F9hqhNCkG954B5LAqYmkAh7jBmP I9CoIO4+uyjQB253gIx7DdWrAel+JbQy8g8+kgHaUaY8wfIoFZ1YRgsGzRSnH8PK 2oGk1XaqVpQYqVP/Gc3FBg9r4TJIsPOlFIkQivtmbg65wSH/LLrCa0DyU5yAVZuM 0+0XfDHIDMZqe7Z6+FppHozk7AhB++kSuZF17I0IJR/edARsJPw61Q3tQF4Vormu h7rNfh7Br5bRA6//xsnWsKA26ZR238NH3YUk12Cw2B1cH4nbSba0Dss3G90jQxZn eYu3C1XeNTsaGeAPEKKYty/GxW/gQCWvLbvM6AqnIxDhwqjVVo18WjUoFQDZW6aa YHpYvqcqBRxjFizxH7D2 =X2oA -----END PGP SIGNATURE-----
|
|
|
|