Synopsis:          Moderate: krb5 security update

Advisory ID:       SLSA-2016:0532-1

Issue Date:        2016-04-04

CVE Numbers:       CVE-2015-8629

                   CVE-2015-8631

                   CVE-2015-8630

--



Security Fix(es):



* A memory leak flaw was found in the krb5_unparse_name() function of the

MIT Kerberos kadmind service. An authenticated attacker could repeatedly

send specially crafted requests to the server, which could cause the

server to consume large amounts of memory resources, ultimately leading to

a denial of service due to memory exhaustion. (CVE-2015-8631)



* An out-of-bounds read flaw was found in the kadmind service of MIT

Kerberos. An authenticated attacker could send a maliciously crafted

message to force kadmind to read beyond the end of allocated memory, and

write the memory contents to the KDC database if the attacker has write

permission, leading to information disclosure. (CVE-2015-8629)



* A NULL pointer dereference flaw was found in the procedure used by the

MIT Kerberos kadmind service to store policies: the

kadm5_create_principal_3() and kadm5_modify_principal() function did not

ensure that a policy was given when KADM5_POLICY was set. An authenticated

attacker with permissions to modify the database could use this flaw to

add or modify a principal with a policy set to NULL, causing the kadmind

service to crash. (CVE-2015-8630)

--



SL7

  x86_64

    krb5-debuginfo-1.13.2-12.el7_2.i686.rpm

    krb5-debuginfo-1.13.2-12.el7_2.x86_64.rpm

    krb5-libs-1.13.2-12.el7_2.i686.rpm

    krb5-libs-1.13.2-12.el7_2.x86_64.rpm

    krb5-pkinit-1.13.2-12.el7_2.x86_64.rpm

    krb5-workstation-1.13.2-12.el7_2.x86_64.rpm

    krb5-devel-1.13.2-12.el7_2.i686.rpm

    krb5-devel-1.13.2-12.el7_2.x86_64.rpm

    krb5-server-1.13.2-12.el7_2.x86_64.rpm

    krb5-server-ldap-1.13.2-12.el7_2.x86_64.rpm



- Scientific Linux Development Team