openSUSE Security Update : krb5 (openSUSE-2015-246)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

krb5 was updated to fix three security issues.

Remote authenticated users could cause denial of service.

On openSUSE 13.1 and 13.2 krb5 was updated to fix the following
vulnerabilities :

- bnc#910457: CVE-2014-5353: NULL pointer dereference when
using a ticket policy name as password name

- bnc#918595: CVE-2014-5355: krb5: denial of service in
krb5_read_message On openSUSE 13.1 krb5 was updated to
fix the following vulnerability :

- bnc#910458: CVE-2014-5354: NULL pointer dereference when
using keyless entries

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=910457
https://bugzilla.opensuse.org/show_bug.cgi?id=910458
https://bugzilla.opensuse.org/show_bug.cgi?id=918595

Solution :

Update the affected krb5 packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 81965 ()

Bugtraq ID:

CVE ID: CVE-2014-5353
CVE-2014-5354
CVE-2014-5355

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now