RHSA-2014:1389Medium
Red Hat Security Advisory: krb5 security and bug fix update
🔗 CVE IDs covered (7)
📋 Description
CVE-2013-1418 — krb5: multi-realm KDC null dereference leads to crash CVE-2013-6800 — krb5: KDC remote DoS (NULL pointer dereference and daemon crash) CVE-2014-4341 — krb5: denial of service flaws when handling padding length longer than the plaintext CVE-2014-4342 — krb5: denial of service flaws when handling RFC 1964 tokens CVE-2014-4343 — krb5: double-free flaw in SPNEGO initiators CVE-2014-4344 — krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens CVE-2014-4345 — krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
🔗 References (16)
- selfhttps://access.redhat.com/errata/RHSA-2014:1389
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/krb5.html#RHSA-2014-1389
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1001961
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1009389
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1026942
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1031499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1059730
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1087068
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1113652
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1116180
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1120581
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1121876
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1121877
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1128157
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1389.json