Debian Security Advisory DSA-3466-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2016 https://www.debian.org/security/faq
Package : krb5
CVE ID : CVE-2015-8629 CVE-2015-8630 CVE-2015-8631
Debian Bug : 813126 813127 813296
Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2015-8629
It was discovered that an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.
CVE-2015-8630
It was discovered that an authenticated attacker with permission to
modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY
in the mask.
CVE-2015-8631
It was discovered that an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which
uses one. Repeating these requests will eventually cause kadmind to
exhaust all available memory.
For the oldstable distribution (wheezy), these problems have been fixed
in version 1.10.1+dfsg-5+deb7u7. The oldstable distribution (wheezy) is
not affected by CVE-2015-8630.
For the stable distribution (jessie), these problems have been fixed in
version 1.12.1+dfsg-19+deb8u2.
We recommend that you upgrade your krb5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | mips | krb5-multidev | < 1.12.1+dfsg-19+deb8u2 | krb5-multidev_1.12.1+dfsg-19+deb8u2_mips.deb |
Debian | 8 | armel | libgssapi-krb5-2 | < 1.12.1+dfsg-19+deb8u2 | libgssapi-krb5-2_1.12.1+dfsg-19+deb8u2_armel.deb |
Debian | 7 | s390x | libkrb5-3 | < 1.10.1+dfsg-5+deb7u7 | libkrb5-3_1.10.1+dfsg-5+deb7u7_s390x.deb |
Debian | 7 | mipsel | libgssapi-krb5-2 | < 1.10.1+dfsg-5+deb7u7 | libgssapi-krb5-2_1.10.1+dfsg-5+deb7u7_mipsel.deb |
Debian | 7 | amd64 | krb5-kdc | < 1.10.1+dfsg-5+deb7u7 | krb5-kdc_1.10.1+dfsg-5+deb7u7_amd64.deb |
Debian | 7 | i386 | krb5-kdc-ldap | < 1.10.1+dfsg-5+deb7u7 | krb5-kdc-ldap_1.10.1+dfsg-5+deb7u7_i386.deb |
Debian | 8 | armel | krb5-admin-server | < 1.12.1+dfsg-19+deb8u2 | krb5-admin-server_1.12.1+dfsg-19+deb8u2_armel.deb |
Debian | 7 | kfreebsd-i386 | libkadm5clnt-mit8 | < 1.10.1+dfsg-5+deb7u7 | libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u7_kfreebsd-i386.deb |
Debian | 7 | mips | krb5-pkinit | < 1.10.1+dfsg-5+deb7u7 | krb5-pkinit_1.10.1+dfsg-5+deb7u7_mips.deb |
Debian | 7 | i386 | libk5crypto3 | < 1.10.1+dfsg-5+deb7u7 | libk5crypto3_1.10.1+dfsg-5+deb7u7_i386.deb |