| Revision Date: | 2018-03-29 | Version: | 1 |
| Title: | Security update for krb5 (Moderate) |
| Description: |
This update for krb5 provides the following fixes:
Security issues fixed:
- CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926).
Non-security issues fixed:
- Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1057662
1081725
1083926
1083927
CVE-2018-5729
CVE-2018-5730
SUSE-SU-2018:0846-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12 SP2
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information
krb5-1.12.5-40.23.2 is installed
OR krb5-32bit-1.12.5-40.23.2 is installed
OR krb5-client-1.12.5-40.23.2 is installed
|