UbuntuUpdates.org

Package "libkrb5-3"

Name: libkrb5-3

Description:

MIT Kerberos runtime libraries

Latest version: 1.12+dfsg-2ubuntu5.4
Release: trusty (14.04)
Level: updates
Repository: main
Head package: krb5
Homepage: http://web.mit.edu/kerberos/

Links

Save this URL for the latest version of "libkrb5-3": https://www.ubuntuupdates.org/libkrb5-3




Other versions of "libkrb5-3" in Trusty

Repository  Area  Version
base        main  1.12+dfsg-2ubuntu4
security    main  1.12+dfsg-2ubuntu5.4

Changelog

Version: 1.12+dfsg-2ubuntu4.2 2014-08-11 15:06:33 UTC

  krb5 (1.12+dfsg-2ubuntu4.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid tokens
    - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
      src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - debian/patches/CVE-2014-4343.patch: fix double-free in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - debian/patches/CVE-2014-4344.patch: validate REMAIN in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in
    kadmind with LDAP backend
    - debian/patches/CVE-2014-4345.patch: fix off-by-one in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden> Fri, 08 Aug 2014 14:58:49 -0400

CVE-2014-4341 MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...
CVE-2014-4342 MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...
CVE-2014-4343 double-free in SPNEGO initiators
CVE-2014-4344 NULL dereference in GSSAPI servers
CVE-2014-4345 buffer overrun in kadmind


