UbuntuUpdates.org

Bugs fixes in "krb5"

Origin Bug number Title Date fixed
CVE CVE-2015-5355 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via t 2015-11-12
CVE CVE-2014-5355 MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' charac 2015-11-12
CVE CVE-2002-2443 schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, 2015-11-12
CVE CVE-2015-2698 memory corruption caused due to original patch for CVE-2015-2696 2015-11-12
CVE CVE-2015-2697 The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a den 2015-11-12
CVE CVE-2015-2696 lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a 2015-11-12
CVE CVE-2015-2695 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to 2015-11-12
CVE CVE-2015-5355 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via t 2015-11-12
CVE CVE-2014-5355 MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' charac 2015-11-12
CVE CVE-2002-2443 schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, 2015-11-12
CVE CVE-2015-2698 memory corruption caused due to original patch for CVE-2015-2696 2015-11-12
CVE CVE-2015-2697 The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a den 2015-11-12
CVE CVE-2015-2696 lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a 2015-11-12
CVE CVE-2015-2695 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to 2015-11-12
CVE CVE-2015-2694 The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validat 2015-11-12
CVE CVE-2015-5355 Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via t 2015-11-12
CVE CVE-2014-5355 MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' charac 2015-11-12
CVE CVE-2015-2698 memory corruption caused due to original patch for CVE-2015-2696 2015-11-12
CVE CVE-2015-2697 The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a den 2015-11-12
CVE CVE-2015-2696 lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a 2015-11-12



About   -   Send Feedback to @ubuntu_updates