OVMSA-2015-0054

OVMSA-2015-0054 - krb5 security update

Type:SECURITY
Severity:MODERATE
Release Date:2015-04-09

Description


[1.10.3-37]
- fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated
denial of service in recvauth_common() and others'

[1.10.3-36]
- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy
name crash'

[1.10.3-35]
- Changelog fixes to make errata subsystem happy.

[1.10.3-34]
- fix for CVE-2014-5352 (#1179856) 'gss_process_context_token()
incorrectly frees context (MITKRB5-SA-2015-001)'
- fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial
deserialization results (MITKRB5-SA-2015-001)'
- fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly
validates server principal name (MITKRB5-SA-2015-001)'


Related CVEs


CVE-2014-5352
CVE-2014-5353
CVE-2014-9421
CVE-2014-9422
CVE-2014-5355

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.3 (x86_64) krb5-1.10.3-37.el6_6.src.rpm2bb8ea661d8eee3aba7d72fe1095be62OVMSA-2016-0039
krb5-libs-1.10.3-37.el6_6.x86_64.rpma381bd8d9e3498c8628fd81bb8b27fedOVMSA-2016-0039



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete