Synopsis:          Moderate: krb5 security update
Advisory ID:       SLSA-2016:0493-1
Issue Date:        2016-03-23
CVE Numbers:       CVE-2015-8629
                   CVE-2015-8631
--

A memory leak flaw was found in the krb5_unparse_name() function of the
MIT Kerberos kadmind service. An authenticated attacker could repeatedly
send specially crafted requests to the server, which could cause the
server to consume large amounts of memory resources, ultimately leading to
a denial of service due to memory exhaustion. (CVE-2015-8631)

An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)

After installing the updated packages, running Kerberos services (krb5kdc,
kadmin, and kprop) will be restarted automatically.
--

SL6
  x86_64
    krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
    krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
    krb5-libs-1.10.3-42z1.el6_7.i686.rpm
    krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
    krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
    krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm
    krb5-devel-1.10.3-42z1.el6_7.i686.rpm
    krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
    krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
    krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
    krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm
  i386
    krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
    krb5-libs-1.10.3-42z1.el6_7.i686.rpm
    krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm
    krb5-workstation-1.10.3-42z1.el6_7.i686.rpm
    krb5-devel-1.10.3-42z1.el6_7.i686.rpm
    krb5-server-1.10.3-42z1.el6_7.i686.rpm
    krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm

- Scientific Linux Development Team