Oval Definition: oval:org.mitre.oval:def:26777
Revision Date: 2015-04-13
Version: 12
Title: RHSA-2014:1245: krb5 security and bug fix update (Moderate)
Description: Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC).

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341)

This update also fixes the following bugs:

* Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632)

* Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732)

All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CESA-2014:1245
CVE-2013-1418
CVE-2013-6800
CVE-2014-4341
CVE-2014-4344
RHSA-2014:1245-00
Platform(s): CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s): krb5
Definition Synopsis
  • Red Hat Enterprise Linux 5 release section
    • The operating system installed on the system is Red Hat Enterprise Linux 5
    • AND krb5-debuginfo is earlier than 0:1.6.1-78.el5
  • Red Hat Enterprise Linux 5 and CentOS Linux 5 release section
    • Operating system section
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
    • AND Packages match section
      • krb5-devel is earlier than 0:1.6.1-78.el5
      • OR krb5-server is earlier than 0:1.6.1-78.el5
      • OR krb5-server-ldap is earlier than 0:1.6.1-78.el5
      • OR krb5-libs is earlier than 0:1.6.1-78.el5
      • OR krb5-workstation is earlier than 0:1.6.1-78.el5