Package krb5 updated to version 1.12-alt2 for branch sisyphus in task 118640.

Published: 2013-12-16

BDU:2015-09675

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.3)

References:

CVE-2002-2443
CVE-2012-1014
CVE-2012-1015
CVE-2013-1416
CVE-2013-1417
CVE-2013-1418
CVE-2013-6800
GLSA-201312-12

Published: 2013-11-20
Modified: 2024-11-21

CVE-2013-1417

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

Severity: LOW (3.5)

References:

openSUSE-SU-2013:1833
openSUSE-SU-2013:1833
http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt
http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1030743
https://bugzilla.redhat.com/show_bug.cgi?id=1030743
https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc

Version: 2.1.0

Package krb5 update in sisyphus on 2014-04-24

ALT-PU-2014-1539-1

Closed vulnerabilities

BDU:2015-09675

CVE-2013-1417