Bug 574604 (CVE-2015-8629, CVE-2015-8631) - <app-crypt/mit-krb5-1.14.1: Multiple vulnerabilities (CVE-2015-{8629,8631})
Summary: <app-crypt/mit-krb5-1.14.1: Multiple vulnerabilities (CVE-2015-{8629,8631})
Status: RESOLVED FIXED
Alias: CVE-2015-8629, CVE-2015-8631
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://web.nvd.nist.gov/view/vuln/de...
Whiteboard: B3 [noglsa]
Reported: 2016-02-13 07:45 UTC by Aaron Bauman (RETIRED)
Modified: 2016-06-18 11:06 UTC
Description Aaron Bauman (RETIRED) gentoo-dev 2016-02-13 07:45:11 UTC
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

CVE:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8631

Upstream Fix:
https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
Comment 2 Eray Aslan gentoo-dev 2016-03-02 09:51:33 UTC
app-crypt/mit-krb5-1.14.1 is in the tree.

Arches please test and mark stable
=app-crypt/mit-krb5-1.14.1

Target Keywords = alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86
Comment 3 Agostino Sarubbo gentoo-dev 2016-03-02 14:23:22 UTC
amd64 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-03-06 08:29:58 UTC
Stable for PPC64.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-03-06 15:00:21 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2016-03-12 11:22:00 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-03-15 16:43:00 UTC
x86 stable
Comment 8 Tobias Klausmann (RETIRED) gentoo-dev 2016-03-16 09:22:54 UTC
Stable on alpha.
Comment 9 Agostino Sarubbo gentoo-dev 2016-03-16 12:07:03 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-03-19 11:39:17 UTC
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-03-20 12:02:58 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-06-01 11:25:58 UTC
GLSA Vote: No