Security update for krb5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2055-1 Final 1 1 2015-11-11T07:46:00Z current 2015-11-11T07:46:00Z 2015-11-11T07:46:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for krb5 The krb5 package was update to fix the following security issue: - CVE-2015-2698: Fixed a memory corruption regression introduced by resolution of CVE-2015-2698 (bsc#954204). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html E-Mail link for openSUSE-SU-2015:2055-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings krb5-1.11.3-3.24.1 krb5-32bit-1.11.3-3.24.1 krb5-client-1.11.3-3.24.1 krb5-devel-1.11.3-3.24.1 krb5-devel-32bit-1.11.3-3.24.1 krb5-doc-1.11.3-3.24.1 krb5-mini-1.11.3-3.24.1 krb5-mini-devel-1.11.3-3.24.1 krb5-plugin-kdb-ldap-1.11.3-3.24.1 krb5-plugin-preauth-pkinit-1.11.3-3.24.1 krb5-server-1.11.3-3.24.1 The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696. CVE-2015-2698 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html https://www.suse.com/security/cve/CVE-2015-2698.html CVE-2015-2698 https://bugzilla.suse.com/770172 SUSE Bug 770172 https://bugzilla.suse.com/954204 SUSE Bug 954204