Mandriva Linux Security Advisory : krb5 (MDVSA-2014:165)
Severity: High
Nessus Plugin ID 77644
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Updated krb5 package fixes security vulnerabilities:
MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session (CVE-2014-4341, CVE-2014-4342).
MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL pointer dereference, while processing invalid SPNEGO tokens (CVE-2014-4344).
In MIT Kerberos 5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow) (CVE-2014-4345).
Solution
Update the affected packages.