-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:069
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : March 27, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been discovered and corrected in krb5:
The krb5_gss_process_context_token function in
lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library
in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2,
and 1.13.x before 1.13.1 does not properly maintain security-context
handles, which allows remote authenticated users to cause a denial of
service (use-after-free and double free, and daemon crash) or possibly
execute arbitrary code via crafted GSSAPI tra