Bug 533734 (CVE-2014-5353) - <app-crypt/mit-krb5-1.13-r1: kadmin NULL pointer dereference issues (CVE-2014-{5353,5354})
Status: RESOLVED FIXED
Alias: CVE-2014-5353
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: CVE-2014-5352
Blocks:
Reported: 2014-12-28 09:20 UTC by Agostino Sarubbo
Modified: 2015-05-11 15:59 UTC
Description Agostino Sarubbo gentoo-dev 2014-12-28 09:20:47 UTC
From ${URL} :

If anyone missed it, there are two NULL pointer dereference issues when 
kadmind is used with an LDAP back end for the KDC database. Both require 
authentication.

CVE-2014-5353
https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3

CVE-2014-5354
https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-12-29 22:13:23 UTC
CVE-2014-5354 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5354):
  plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5)
  1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote
  authenticated users to cause a denial of service (NULL pointer dereference
  and daemon crash) by creating a database entry for a keyless principal, as
  demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.

CVE-2014-5353 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5353):
  The krb5_ldap_get_password_policy_from_dn function in
  plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5)
  before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to
  cause a denial of service (daemon crash) via a successful LDAP query with no
  results, as demonstrated by using an incorrect object type for a password
  policy.
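
Added example, not part of the bug report or the krb5 source: a simplified C model of the failure mode in the CVE-2014-5353 description above, where a search succeeds but returns no entries, shown with the NULL check in place. The types, function names, return codes and the "pwd-policy" object class are constructed stand-ins, not the real LDAP or krb5 API.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for an LDAP client API; all names are hypothetical. */
enum { POLICY_OK = 0, POLICY_SEARCH_FAILED = 1, POLICY_NOENTRY = 2 };

struct entry { const char *objectclass; int max_life; };
struct result { int rc; size_t count; const struct entry *entries; };
struct policy { int max_life; };

/* Like an LDAP "first entry" call: returns NULL when the result set is empty. */
static const struct entry *first_entry(const struct result *res)
{
    return res->count > 0 ? &res->entries[0] : NULL;
}

/* Simulated search by DN, filtered on the (constructed) policy object class.
 * An object of another type matches nothing, yet the search itself still
 * succeeds (rc == 0). A NULL object models a server-side search error. */
static struct result search_policy(const struct entry *obj)
{
    struct result res = { 0, 0, NULL };
    if (obj == NULL) { res.rc = -1; return res; }
    if (strcmp(obj->objectclass, "pwd-policy") == 0) {
        res.count = 1;
        res.entries = obj;
    }
    return res;
}

/* Hardened lookup: a successful search is not proof that an entry exists. */
int get_policy(const struct entry *obj, struct policy *out)
{
    struct result res = search_policy(obj);
    const struct entry *ent;

    if (res.rc != 0)
        return POLICY_SEARCH_FAILED;
    ent = first_entry(&res);
    if (ent == NULL)                 /* without this check, the next line */
        return POLICY_NOENTRY;       /* dereferences NULL and the daemon dies */
    out->max_life = ent->max_life;   /* safe: ent is known to be non-NULL */
    return POLICY_OK;
}
```

Returning a distinct "no entry" code lets the caller report a missing policy to the client instead of treating an empty result as a populated one.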
Comment 2 Paul B. Henson 2015-02-04 20:45:54 UTC
There's an updated ebuild in bug #538842 that resolves these issues.
Comment 3 Eray Aslan gentoo-dev 2015-02-05 16:30:58 UTC
+*mit-krb5-1.13-r1 (05 Feb 2015)
+
+  05 Feb 2015; Eray Aslan <eras@gentoo.org> +files/2015-001-patch-r113.patch,
+  +files/mit-krb5-CVE-2014-5353.patch, +files/mit-krb5-CVE-2014-5354.patch,
+  +mit-krb5-1.13-r1.ebuild:
+  Security bump - bugs #533734 #538842
+
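Review bot: the "Security bump" line in this ChangeLog entry cites only bugs #533734 and #538842 and does not say which CVE each of the three added patches addresses; files/2015-001-patch-r113.patch in particular cannot be tied to an advisory from its name alone. Suggest listing the CVE IDs next to the patch files in the entry so the fix can be audited from the ChangeLog without opening the bugs.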

Stabilization request filed at bug #538842
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-04-22 20:38:02 UTC
Maintainer(s), thank you for the cleanup.

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-05-11 15:29:32 UTC
Maintainer(s), thank you for the cleanup.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 15:59:03 UTC
GLSA Vote: No