Synopsis: Moderate: krb5 security update
Advisory ID: SLSA-2016:0493-1
Issue Date: 2016-03-23
CVE Numbers: CVE-2015-8629
CVE-2015-8631
—
A memory leak flaw was found in the krb5_unparse_name() function of the
MIT Kerberos kadmind service. An authenticated attacker could repeatedly
send specially crafted requests to the server, which could cause the
server to consume large amounts of memory resources, ultimately leading to
a denial of service due to memory exhaustion. (CVE-2015-8631)
An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)
After installing the updated packages, running Kerberos services (krb5kdc,
kadmin, and kprop) will be restarted automatically.
—
SL6
x86_64
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm
i386
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm
krb5-workstation-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-server-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
– Scientific Linux Development Team
