Lucene search
DebianDEBIAN:DLA-423-1:273DCHistoryFeb 22, 2016 - 8:43 p.m.
[SECURITY] [DLA 423-1] krb5 security update
2016-02-2220:43:38
lists.debian.org
16
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
6.1
Confidence
High
EPSS
0.064
Percentile
93.7%
Package : krb5
Version : 1.8.3+dfsg-4squeeze11
CVE ID : CVE-2015-8629 CVE-2015-8631
Debian Bug : 813126 813296
CVE-2015-8629
It was discovered that an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.
CVE-2015-8631
It was discovered that an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which
uses one. Repeating these requests will eventually cause kadmind to
exhaust all available memory.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | arm64 | krb5-user | < 1.12.1+dfsg-19+deb8u2 | krb5-user_1.12.1+dfsg-19+deb8u2_arm64.deb |
| Debian | 8 | amd64 | libkadm5srv-mit9 | < 1.12.1+dfsg-19+deb8u2 | libkadm5srv-mit9_1.12.1+dfsg-19+deb8u2_amd64.deb |
| Debian | 8 | mipsel | krb5-kdc | < 1.12.1+dfsg-19+deb8u2 | krb5-kdc_1.12.1+dfsg-19+deb8u2_mipsel.deb |
| Debian | 8 | kfreebsd-amd64 | libk5crypto3 | < 1.12.1+dfsg-19+deb8u2 | libk5crypto3_1.12.1+dfsg-19+deb8u2_kfreebsd-amd64.deb |
| Debian | 8 | ppc64el | krb5-admin-server | < 1.12.1+dfsg-19+deb8u2 | krb5-admin-server_1.12.1+dfsg-19+deb8u2_ppc64el.deb |
| Debian | 8 | armhf | krb5-user | < 1.12.1+dfsg-19+deb8u2 | krb5-user_1.12.1+dfsg-19+deb8u2_armhf.deb |
| Debian | 8 | mips | libkadm5clnt-mit9 | < 1.12.1+dfsg-19+deb8u2 | libkadm5clnt-mit9_1.12.1+dfsg-19+deb8u2_mips.deb |
| Debian | 7 | s390 | libkrb5-dev | < 1.10.1+dfsg-5+deb7u7 | libkrb5-dev_1.10.1+dfsg-5+deb7u7_s390.deb |
| Debian | 8 | ppc64el | libkdb5-7 | < 1.12.1+dfsg-19+deb8u2 | libkdb5-7_1.12.1+dfsg-19+deb8u2_ppc64el.deb |
| Debian | 7 | sparc | libkrb5-dbg | < 1.10.1+dfsg-5+deb7u7 | libkrb5-dbg_1.10.1+dfsg-5+deb7u7_sparc.deb |
Related
nessus
nessus
Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20160323)
2016-03-24 00:00:00
SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2016:0430-1)
2016-02-12 00:00:00
Oracle Linux 6 : krb5 (ELSA-2016-0493)
2016-03-23 00:00:00
osv
osv
krb5 - security update
2016-02-22 00:00:00
krb5 - security update
2016-02-04 00:00:00
CVE-2015-8631
2016-02-13 02:59:00
openvas
openvas
RedHat Update for krb5 RHSA-2016:0493-01
2016-03-23 00:00:00
Oracle: Security Advisory (ELSA-2016-0493)
2016-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0430-1)
2021-06-09 00:00:00
centos
centos
krb5 security update
2016-03-23 13:10:27
krb5 security update
2016-03-31 20:56:46
ibm
ibm
redhat
redhat
(RHSA-2016:22678) Moderate: krb5 security update
2016-02-12 05:00:00
(RHSA-2016:0493) Moderate: krb5 security update
2016-03-22 00:00:00
(RHSA-2016:0532) Moderate: krb5 security update
2016-03-31 14:15:36
oraclelinux
oraclelinux
krb5 security update
2016-03-22 00:00:00
krb5 security update
2016-03-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:28:07
Denial Of Service (DoS)
2019-01-15 09:11:07
mageia
mageia
Updated krb5 packages fix security vulnerability
2016-02-05 20:26:09
debian
debian
[SECURITY] [DSA 3466-1] krb5 security update
2016-02-04 21:03:40
[SECURITY] [DSA 3466-1] krb5 security update
2016-02-04 21:03:40
amazon
amazon
Medium: krb5
2016-04-21 16:00:00
f5
f5
K38310742 : Kerberos vulnerability CVE-2015-8629
2016-10-20 00:00:00
SOL38310742 - Kerberos vulnerability CVE-2015-8629
2016-10-20 00:00:00
cvelist
cvelist
CVE-2015-8629
2016-02-13 02:00:00
CVE-2015-8631
2016-02-13 02:00:00
debiancve
debiancve
CVE-2015-8629
2016-02-13 02:59:00
CVE-2015-8631
2016-02-13 02:59:02
ubuntucve
ubuntucve
CVE-2015-8629
2016-02-13 00:00:00
CVE-2015-8631
2016-02-13 00:00:00
alpinelinux
alpinelinux
CVE-2015-8629
2016-02-13 02:59:00
CVE-2015-8631
2016-02-13 02:59:02
prion
prion
Out-of-bounds
2016-02-13 02:59:00
Null pointer dereference
2016-02-13 02:59:00
nvd
nvd
CVE-2015-8629
2016-02-13 02:59:00
CVE-2015-8631
2016-02-13 02:59:02
cve
cve
CVE-2015-8629
2016-02-13 02:59:00
CVE-2015-8631
2016-02-13 02:59:02
fedora
fedora
[SECURITY] Fedora 23 Update: krb5-1.14-7.fc23
2016-01-31 06:51:20
[SECURITY] Fedora 22 Update: krb5-1.13.2-13.fc22
2016-02-15 03:23:43
[SECURITY] Fedora 23 Update: krb5-1.14-7.fc23
2016-01-31 05:50:16
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.14.2-alt1
2016-04-26 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.14.2-alt1
2016-04-25 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1
2017-04-13 00:00:00
photon
photon
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
6.1
Confidence
High
EPSS
0.064
Percentile
93.7%
Related for DEBIAN:DLA-423-1:273DC