Denial of Service in krb5
ID: | FEDORA-2015-5949 |
Distribution: | Fedora |
Plattformen: | Fedora 22 |
Datum: | Do, 23. April 2015, 07:42 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353 |
Applikationen: | MIT Kerberos |
Originalnachricht |
|
Name : krb5 Product : Fedora 22 Version : 1.13.1 Release : 2.fc22 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-5353 (this was fixed in an older build but the announcement was lost) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name https://bugzilla.redhat.com/show_bug.cgi?id=1174543 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update krb5' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |