Bugzilla – Bug 963975
VUL-0: CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
Last modified: 2016-05-25 15:36:39 UTC
https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2 In all versions of MIT krb5, an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory. References: https://bugzilla.redhat.com/show_bug.cgi?id=1302642 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8631 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-02-11. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62471
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (963975) was mentioned in https://build.opensuse.org/request/show/357307 13.2 / krb5
openSUSE-SU-2016:0406-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 963964,963968,963975 CVE References: CVE-2015-8629,CVE-2015-8630,CVE-2015-8631 Sources used: openSUSE 13.2 (src): krb5-1.12.2-21.1, krb5-mini-1.12.2-21.1
SUSE-SU-2016:0429-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 963964,963968,963975 CVE References: CVE-2015-8629,CVE-2015-8630,CVE-2015-8631 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): krb5-1.12.1-25.1 SUSE Linux Enterprise Software Development Kit 12 (src): krb5-1.12.1-25.1 SUSE Linux Enterprise Server 12-SP1 (src): krb5-1.12.1-25.1 SUSE Linux Enterprise Server 12 (src): krb5-1.12.1-25.1 SUSE Linux Enterprise Desktop 12-SP1 (src): krb5-1.12.1-25.1 SUSE Linux Enterprise Desktop 12 (src): krb5-1.12.1-25.1
SUSE-SU-2016:0430-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 963968,963975 CVE References: CVE-2015-8629,CVE-2015-8631 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): krb5-1.6.3-133.49.106.1 SUSE Linux Enterprise Server 11-SP4 (src): krb5-1.6.3-133.49.106.1 SUSE Linux Enterprise Desktop 11-SP4 (src): krb5-1.6.3-133.49.106.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): krb5-1.6.3-133.49.106.1
openSUSE-SU-2016:0501-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 963964,963968,963975 CVE References: CVE-2015-8629,CVE-2015-8630,CVE-2015-8631 Sources used: openSUSE Leap 42.1 (src): krb5-1.12.1-27.1, krb5-mini-1.12.1-27.1
done