Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 574604 (CVE-2015-8629, CVE-2015-8631) - <app-crypt/mit-krb5-1.14.1: Multiple vulnerabilities (CVE-2015-{8629,8631})
Summary: <app-crypt/mit-krb5-1.14.1: Multiple vulnerabilities (CVE-2015-{8629,8631})
Alias: CVE-2015-8629, CVE-2015-8631
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2016-02-13 07:45 UTC by Aaron Bauman
Modified: 2016-06-18 11:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-02-13 07:45:11 UTC
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.


Upstream Fix:
Comment 2 Eray Aslan gentoo-dev 2016-03-02 09:51:33 UTC
app-crypt/mit-krb5-1.14.1 is in the tree.

Arches please test and mark stable

Target Keywords = alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86
Comment 3 Agostino Sarubbo gentoo-dev 2016-03-02 14:23:22 UTC
amd64 stable
Comment 4 Jeroen Roovers gentoo-dev 2016-03-06 08:29:58 UTC
Stable for PPC64.
Comment 5 Jeroen Roovers gentoo-dev 2016-03-06 15:00:21 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2016-03-12 11:22:00 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-03-15 16:43:00 UTC
x86 stable
Comment 8 Tobias Klausmann gentoo-dev 2016-03-16 09:22:54 UTC
Stable on alpha.
Comment 9 Agostino Sarubbo gentoo-dev 2016-03-16 12:07:03 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-03-19 11:39:17 UTC
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-03-20 12:02:58 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-01 11:25:58 UTC
GLSA Vote: No