Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2011-1528
Vulnerability from cvelistv5
Published
2011-10-20 21:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:28:41.827Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDVSA-2011:159", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { name: "MDVSA-2011:160", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { name: "openSUSE-SU-2011:1169", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, { name: "VU#659251", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/659251", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { name: "RHSA-2011:1379", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-18T00:00:00", descriptions: [ { lang: "en", value: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-10-26T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDVSA-2011:159", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { name: "MDVSA-2011:160", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { name: "openSUSE-SU-2011:1169", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, { name: "VU#659251", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/659251", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { name: "RHSA-2011:1379", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-1528", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDVSA-2011:159", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { name: "MDVSA-2011:160", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { name: "openSUSE-SU-2011:1169", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { name: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, { name: "VU#659251", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/659251", }, { name: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", refsource: "CONFIRM", url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { name: "RHSA-2011:1379", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-1528", datePublished: "2011-10-20T21:00:00", dateReserved: "2011-03-29T00:00:00", dateUpdated: "2024-08-06T22:28:41.827Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2011-1528\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-10-20T21:55:00.920\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.\"},{\"lang\":\"es\",\"value\":\"La función krb5_ldap_lockout_audit en el Key Distribution Center (KDC) en MIT Kerberos 5 (también se conoce como krb5) versión 1.8 hasta 1.8.4 y versión 1.9 hasta 1.9.1, cuando se utiliza el back-end LDAP, permite a los atacantes remotos causar una denegación de servicio (fallo de aserción y salida de demonio) por medio de vectores no especificados, relacionados con la función locked_check_p. NOTA: El vector Berkeley DB está cubierto por CVE-2011-4151.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36823B2B-5C72-4FF3-9301-FB263EB8CE09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AFA33E-FEBC-45F5-9EC6-8AA363163FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04D83332-B2FD-4E86-A76C-C3F1CD3B3A31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"758A0011-20ED-414A-9DF3-50A161DF8BC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7768AED0-AE4C-4D4E-8D5D-5B618AB82966\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86738633-C081-4440-9F75-A775D6DF2228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7BCFFEE-EA7A-4F26-97AA-31128A179745\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/659251\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:159\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:160\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1379.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/659251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
opensuse-su-2024:10004-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
krb5-1.15-1.1 on GA media
Notes
Title of the patch
krb5-1.15-1.1 on GA media
Description of the patch
These are all security issues fixed in the krb5-1.15-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10004
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "krb5-1.15-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the krb5-1.15-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10004", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10004-1.json", }, { category: "self", summary: "SUSE CVE CVE-2002-2443 page", url: "https://www.suse.com/security/cve/CVE-2002-2443/", }, { category: "self", summary: "SUSE CVE CVE-2009-0844 page", url: "https://www.suse.com/security/cve/CVE-2009-0844/", }, { category: "self", summary: "SUSE CVE CVE-2009-0845 page", url: "https://www.suse.com/security/cve/CVE-2009-0845/", }, { category: "self", summary: "SUSE CVE CVE-2009-0846 page", url: "https://www.suse.com/security/cve/CVE-2009-0846/", }, { category: "self", summary: "SUSE CVE CVE-2009-0847 page", url: "https://www.suse.com/security/cve/CVE-2009-0847/", }, { category: "self", summary: "SUSE CVE CVE-2009-3295 page", url: "https://www.suse.com/security/cve/CVE-2009-3295/", }, { category: "self", summary: "SUSE CVE CVE-2009-4212 page", url: "https://www.suse.com/security/cve/CVE-2009-4212/", }, { category: "self", summary: "SUSE CVE CVE-2010-0283 page", url: "https://www.suse.com/security/cve/CVE-2010-0283/", }, { category: "self", summary: "SUSE CVE CVE-2010-0628 page", url: "https://www.suse.com/security/cve/CVE-2010-0628/", }, { category: "self", summary: "SUSE CVE CVE-2010-1320 page", url: "https://www.suse.com/security/cve/CVE-2010-1320/", }, { category: "self", summary: "SUSE CVE CVE-2010-1321 page", url: "https://www.suse.com/security/cve/CVE-2010-1321/", }, { category: "self", summary: "SUSE CVE CVE-2010-1322 page", url: "https://www.suse.com/security/cve/CVE-2010-1322/", }, { category: "self", summary: "SUSE CVE CVE-2010-1323 page", url: "https://www.suse.com/security/cve/CVE-2010-1323/", }, { category: "self", summary: "SUSE CVE CVE-2010-1324 page", url: "https://www.suse.com/security/cve/CVE-2010-1324/", }, { category: "self", summary: "SUSE CVE CVE-2010-4020 page", url: "https://www.suse.com/security/cve/CVE-2010-4020/", }, { category: "self", summary: "SUSE CVE CVE-2010-4021 page", url: "https://www.suse.com/security/cve/CVE-2010-4021/", }, { category: "self", summary: "SUSE CVE CVE-2010-4022 page", url: "https://www.suse.com/security/cve/CVE-2010-4022/", }, { category: "self", summary: "SUSE CVE CVE-2011-0281 page", url: "https://www.suse.com/security/cve/CVE-2011-0281/", }, { category: "self", summary: "SUSE CVE CVE-2011-0282 page", url: "https://www.suse.com/security/cve/CVE-2011-0282/", }, { category: "self", summary: "SUSE CVE CVE-2011-0284 page", url: "https://www.suse.com/security/cve/CVE-2011-0284/", }, { category: "self", summary: "SUSE CVE CVE-2011-0285 page", url: "https://www.suse.com/security/cve/CVE-2011-0285/", }, { category: "self", summary: "SUSE CVE CVE-2011-1527 page", url: "https://www.suse.com/security/cve/CVE-2011-1527/", }, { category: "self", summary: "SUSE CVE CVE-2011-1528 page", url: "https://www.suse.com/security/cve/CVE-2011-1528/", }, { category: "self", summary: "SUSE CVE CVE-2011-1529 page", url: "https://www.suse.com/security/cve/CVE-2011-1529/", }, { category: "self", summary: "SUSE CVE CVE-2011-1530 page", url: "https://www.suse.com/security/cve/CVE-2011-1530/", }, { category: "self", summary: "SUSE CVE CVE-2012-1012 page", url: "https://www.suse.com/security/cve/CVE-2012-1012/", }, { category: "self", summary: "SUSE CVE CVE-2012-1013 page", url: "https://www.suse.com/security/cve/CVE-2012-1013/", }, { category: "self", summary: "SUSE CVE CVE-2012-1016 page", url: "https://www.suse.com/security/cve/CVE-2012-1016/", }, { category: "self", summary: "SUSE CVE CVE-2013-1415 page", url: "https://www.suse.com/security/cve/CVE-2013-1415/", }, { category: "self", summary: "SUSE CVE CVE-2013-1417 page", url: "https://www.suse.com/security/cve/CVE-2013-1417/", }, { category: "self", summary: "SUSE CVE CVE-2013-1418 page", url: "https://www.suse.com/security/cve/CVE-2013-1418/", }, { category: "self", summary: "SUSE CVE CVE-2014-4341 page", url: "https://www.suse.com/security/cve/CVE-2014-4341/", }, { category: "self", summary: "SUSE CVE CVE-2014-4342 page", url: "https://www.suse.com/security/cve/CVE-2014-4342/", }, { category: "self", summary: "SUSE CVE CVE-2014-4343 page", url: "https://www.suse.com/security/cve/CVE-2014-4343/", }, { category: "self", summary: "SUSE CVE CVE-2014-4344 page", url: "https://www.suse.com/security/cve/CVE-2014-4344/", }, { category: "self", summary: "SUSE CVE CVE-2014-4345 page", url: "https://www.suse.com/security/cve/CVE-2014-4345/", }, { category: "self", summary: "SUSE CVE CVE-2014-5351 page", url: "https://www.suse.com/security/cve/CVE-2014-5351/", }, { category: "self", summary: "SUSE CVE CVE-2014-5352 page", url: "https://www.suse.com/security/cve/CVE-2014-5352/", }, { category: "self", summary: "SUSE CVE CVE-2014-5353 page", url: "https://www.suse.com/security/cve/CVE-2014-5353/", }, { category: "self", summary: "SUSE CVE CVE-2014-5354 page", url: "https://www.suse.com/security/cve/CVE-2014-5354/", }, { category: "self", summary: "SUSE CVE CVE-2014-5355 page", url: "https://www.suse.com/security/cve/CVE-2014-5355/", }, { category: "self", summary: "SUSE CVE CVE-2014-9421 page", url: "https://www.suse.com/security/cve/CVE-2014-9421/", }, { category: "self", summary: "SUSE CVE CVE-2014-9422 page", url: "https://www.suse.com/security/cve/CVE-2014-9422/", }, { category: "self", summary: "SUSE CVE CVE-2014-9423 page", url: "https://www.suse.com/security/cve/CVE-2014-9423/", }, { category: "self", summary: "SUSE CVE CVE-2015-2694 page", url: "https://www.suse.com/security/cve/CVE-2015-2694/", }, { category: "self", summary: "SUSE CVE CVE-2015-2695 page", url: "https://www.suse.com/security/cve/CVE-2015-2695/", }, { category: "self", summary: "SUSE CVE CVE-2015-2696 page", url: "https://www.suse.com/security/cve/CVE-2015-2696/", }, { category: "self", summary: "SUSE CVE CVE-2015-2697 page", url: "https://www.suse.com/security/cve/CVE-2015-2697/", }, { category: "self", summary: "SUSE CVE CVE-2015-2698 page", url: "https://www.suse.com/security/cve/CVE-2015-2698/", }, { category: "self", summary: "SUSE CVE CVE-2015-8629 page", url: "https://www.suse.com/security/cve/CVE-2015-8629/", }, { category: "self", summary: "SUSE CVE CVE-2015-8630 page", url: "https://www.suse.com/security/cve/CVE-2015-8630/", }, { category: "self", summary: "SUSE CVE CVE-2015-8631 page", url: "https://www.suse.com/security/cve/CVE-2015-8631/", }, { category: "self", summary: "SUSE CVE CVE-2016-3119 page", url: "https://www.suse.com/security/cve/CVE-2016-3119/", }, { category: "self", summary: "SUSE CVE CVE-2016-3120 page", url: "https://www.suse.com/security/cve/CVE-2016-3120/", }, ], title: "krb5-1.15-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10004-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "krb5-1.15-1.1.aarch64", product: { name: "krb5-1.15-1.1.aarch64", product_id: "krb5-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.aarch64", product: { name: "krb5-32bit-1.15-1.1.aarch64", product_id: "krb5-32bit-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.aarch64", product: { name: "krb5-client-1.15-1.1.aarch64", product_id: "krb5-client-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.aarch64", product: { name: "krb5-devel-1.15-1.1.aarch64", product_id: "krb5-devel-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.aarch64", product: { name: "krb5-devel-32bit-1.15-1.1.aarch64", product_id: "krb5-devel-32bit-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.aarch64", product: { name: "krb5-doc-1.15-1.1.aarch64", product_id: "krb5-doc-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.aarch64", product: { name: "krb5-mini-1.15-1.1.aarch64", product_id: "krb5-mini-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.aarch64", product: { name: "krb5-mini-devel-1.15-1.1.aarch64", product_id: "krb5-mini-devel-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", product_id: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.aarch64", product: { name: "krb5-server-1.15-1.1.aarch64", product_id: "krb5-server-1.15-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "krb5-1.15-1.1.ppc64le", product: { name: "krb5-1.15-1.1.ppc64le", product_id: "krb5-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.ppc64le", product: { name: "krb5-32bit-1.15-1.1.ppc64le", product_id: "krb5-32bit-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.ppc64le", product: { name: "krb5-client-1.15-1.1.ppc64le", product_id: "krb5-client-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.ppc64le", product: { name: "krb5-devel-1.15-1.1.ppc64le", product_id: "krb5-devel-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.ppc64le", product: { name: "krb5-devel-32bit-1.15-1.1.ppc64le", product_id: "krb5-devel-32bit-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.ppc64le", product: { name: "krb5-doc-1.15-1.1.ppc64le", product_id: "krb5-doc-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.ppc64le", product: { name: "krb5-mini-1.15-1.1.ppc64le", product_id: "krb5-mini-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.ppc64le", product: { name: "krb5-mini-devel-1.15-1.1.ppc64le", product_id: "krb5-mini-devel-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", product_id: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.ppc64le", product: { name: "krb5-server-1.15-1.1.ppc64le", product_id: "krb5-server-1.15-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "krb5-1.15-1.1.s390x", product: { name: "krb5-1.15-1.1.s390x", product_id: "krb5-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.s390x", product: { name: "krb5-32bit-1.15-1.1.s390x", product_id: "krb5-32bit-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.s390x", product: { name: "krb5-client-1.15-1.1.s390x", product_id: "krb5-client-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.s390x", product: { name: "krb5-devel-1.15-1.1.s390x", product_id: "krb5-devel-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.s390x", product: { name: "krb5-devel-32bit-1.15-1.1.s390x", product_id: "krb5-devel-32bit-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.s390x", product: { name: "krb5-doc-1.15-1.1.s390x", product_id: "krb5-doc-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.s390x", product: { name: "krb5-mini-1.15-1.1.s390x", product_id: "krb5-mini-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.s390x", product: { name: "krb5-mini-devel-1.15-1.1.s390x", product_id: "krb5-mini-devel-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.s390x", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.s390x", product_id: "krb5-plugin-preauth-otp-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.s390x", product: { name: "krb5-server-1.15-1.1.s390x", product_id: "krb5-server-1.15-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "krb5-1.15-1.1.x86_64", product: { name: "krb5-1.15-1.1.x86_64", product_id: "krb5-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.x86_64", product: { name: "krb5-32bit-1.15-1.1.x86_64", product_id: "krb5-32bit-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.x86_64", product: { name: "krb5-client-1.15-1.1.x86_64", product_id: "krb5-client-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.x86_64", product: { name: "krb5-devel-1.15-1.1.x86_64", product_id: "krb5-devel-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.x86_64", product: { name: "krb5-devel-32bit-1.15-1.1.x86_64", product_id: "krb5-devel-32bit-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.x86_64", product: { name: "krb5-doc-1.15-1.1.x86_64", product_id: "krb5-doc-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.x86_64", product: { name: "krb5-mini-1.15-1.1.x86_64", product_id: "krb5-mini-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.x86_64", product: { name: "krb5-mini-devel-1.15-1.1.x86_64", product_id: "krb5-mini-devel-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", product_id: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.x86_64", product: { name: "krb5-server-1.15-1.1.x86_64", product_id: "krb5-server-1.15-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", }, product_reference: "krb5-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", }, product_reference: "krb5-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", }, product_reference: "krb5-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", }, product_reference: "krb5-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", }, product_reference: "krb5-32bit-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", }, product_reference: "krb5-32bit-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", }, product_reference: "krb5-32bit-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", }, product_reference: "krb5-32bit-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", }, product_reference: "krb5-client-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", }, product_reference: "krb5-client-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", }, product_reference: "krb5-client-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", }, product_reference: "krb5-client-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", }, product_reference: "krb5-devel-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", }, product_reference: "krb5-devel-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", }, product_reference: "krb5-devel-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", }, product_reference: "krb5-devel-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", }, product_reference: "krb5-devel-32bit-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", }, product_reference: "krb5-devel-32bit-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", }, product_reference: "krb5-devel-32bit-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", }, product_reference: "krb5-devel-32bit-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", }, product_reference: "krb5-doc-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", }, product_reference: "krb5-doc-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", }, product_reference: "krb5-doc-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", }, product_reference: "krb5-doc-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", }, product_reference: "krb5-mini-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", }, product_reference: "krb5-mini-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", }, product_reference: "krb5-mini-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", }, product_reference: "krb5-mini-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", }, product_reference: "krb5-mini-devel-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", }, product_reference: "krb5-mini-devel-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", }, product_reference: "krb5-mini-devel-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", }, product_reference: "krb5-mini-devel-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", }, product_reference: "krb5-server-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", }, product_reference: "krb5-server-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", }, product_reference: "krb5-server-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", }, product_reference: "krb5-server-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2002-2443", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2002-2443", }, ], notes: [ { category: "general", text: "schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2002-2443", url: "https://www.suse.com/security/cve/CVE-2002-2443", }, { category: "external", summary: "SUSE Bug 825985 for CVE-2002-2443", url: "https://bugzilla.suse.com/825985", }, { category: "external", summary: "SUSE Bug 871411 for CVE-2002-2443", url: "https://bugzilla.suse.com/871411", }, { category: "external", summary: "SUSE Bug 887734 for CVE-2002-2443", url: "https://bugzilla.suse.com/887734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2002-2443", }, { cve: "CVE-2009-0844", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0844", }, ], notes: [ { category: "general", text: "The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0844", url: "https://www.suse.com/security/cve/CVE-2009-0844", }, { category: "external", summary: "SUSE Bug 486722 for CVE-2009-0844", url: "https://bugzilla.suse.com/486722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-0844", }, { cve: "CVE-2009-0845", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0845", }, ], notes: [ { category: "general", text: "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0845", url: "https://www.suse.com/security/cve/CVE-2009-0845", }, { category: "external", summary: "SUSE Bug 485894 for CVE-2009-0845", url: "https://bugzilla.suse.com/485894", }, { category: "external", summary: "SUSE Bug 486722 for CVE-2009-0845", url: "https://bugzilla.suse.com/486722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-0845", }, { cve: "CVE-2009-0846", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0846", }, ], notes: [ { category: "general", text: "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0846", url: "https://www.suse.com/security/cve/CVE-2009-0846", }, { category: "external", summary: "SUSE Bug 486723 for CVE-2009-0846", url: "https://bugzilla.suse.com/486723", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2009-0846", }, { cve: "CVE-2009-0847", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0847", }, ], notes: [ { category: "general", text: "The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0847", url: "https://www.suse.com/security/cve/CVE-2009-0847", }, { category: "external", summary: "SUSE Bug 486722 for CVE-2009-0847", url: "https://bugzilla.suse.com/486722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-0847", }, { cve: "CVE-2009-3295", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3295", }, ], notes: [ { category: "general", text: "The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3295", url: "https://www.suse.com/security/cve/CVE-2009-3295", }, { category: "external", summary: "SUSE Bug 561347 for CVE-2009-3295", url: "https://bugzilla.suse.com/561347", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3295", }, { cve: "CVE-2009-4212", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-4212", }, ], notes: [ { category: "general", text: "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-4212", url: "https://www.suse.com/security/cve/CVE-2009-4212", }, { category: "external", summary: "SUSE Bug 561351 for CVE-2009-4212", url: "https://bugzilla.suse.com/561351", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2009-4212", }, { cve: "CVE-2010-0283", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-0283", }, ], notes: [ { category: "general", text: "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-0283", url: "https://www.suse.com/security/cve/CVE-2010-0283", }, { category: "external", summary: "SUSE Bug 571781 for CVE-2010-0283", url: "https://bugzilla.suse.com/571781", }, { category: "external", summary: "SUSE Bug 576524 for CVE-2010-0283", url: "https://bugzilla.suse.com/576524", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2010-0283", }, { cve: "CVE-2010-0628", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-0628", }, ], notes: [ { category: "general", text: "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-0628", url: "https://www.suse.com/security/cve/CVE-2010-0628", }, { category: "external", summary: "SUSE Bug 582557 for CVE-2010-0628", url: "https://bugzilla.suse.com/582557", }, { category: "external", summary: "SUSE Bug 586981 for CVE-2010-0628", url: "https://bugzilla.suse.com/586981", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-0628", }, { cve: "CVE-2010-1320", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1320", }, ], notes: [ { category: "general", text: "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1320", url: "https://www.suse.com/security/cve/CVE-2010-1320", }, { category: "external", summary: "SUSE Bug 596002 for CVE-2010-1320", url: "https://bugzilla.suse.com/596002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2010-1320", }, { cve: "CVE-2010-1321", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1321", }, ], notes: [ { category: "general", text: "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1321", url: "https://www.suse.com/security/cve/CVE-2010-1321", }, { category: "external", summary: "SUSE Bug 596826 for CVE-2010-1321", url: "https://bugzilla.suse.com/596826", }, { category: "external", summary: "SUSE Bug 611090 for CVE-2010-1321", url: "https://bugzilla.suse.com/611090", }, { category: "external", summary: "SUSE Bug 646073 for CVE-2010-1321", url: "https://bugzilla.suse.com/646073", }, { category: "external", summary: "SUSE Bug 648950 for CVE-2010-1321", url: "https://bugzilla.suse.com/648950", }, { category: "external", summary: "SUSE Bug 658525 for CVE-2010-1321", url: "https://bugzilla.suse.com/658525", }, { category: "external", summary: "SUSE Bug 659926 for CVE-2010-1321", url: "https://bugzilla.suse.com/659926", }, { category: "external", summary: "SUSE Bug 663953 for CVE-2010-1321", url: "https://bugzilla.suse.com/663953", }, { category: "external", summary: "SUSE Bug 679560 for CVE-2010-1321", url: "https://bugzilla.suse.com/679560", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2010-1321", }, { cve: "CVE-2010-1322", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1322", }, ], notes: [ { category: "general", text: "The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1322", url: "https://www.suse.com/security/cve/CVE-2010-1322", }, { category: "external", summary: "SUSE Bug 640990 for CVE-2010-1322", url: "https://bugzilla.suse.com/640990", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1322", }, { cve: "CVE-2010-1323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1323", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1323", url: "https://www.suse.com/security/cve/CVE-2010-1323", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-1323", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1323", }, { cve: "CVE-2010-1324", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1324", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1324", url: "https://www.suse.com/security/cve/CVE-2010-1324", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-1324", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1324", }, { cve: "CVE-2010-4020", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-4020", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-4020", url: "https://www.suse.com/security/cve/CVE-2010-4020", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-4020", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-4020", }, { cve: "CVE-2010-4021", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-4021", }, ], notes: [ { category: "general", text: "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a \"KrbFastReq forgery issue.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-4021", url: "https://www.suse.com/security/cve/CVE-2010-4021", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-4021", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-4021", }, { cve: "CVE-2010-4022", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-4022", }, ], notes: [ { category: "general", text: "The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-4022", url: "https://www.suse.com/security/cve/CVE-2010-4022", }, { category: "external", summary: "SUSE Bug 662665 for CVE-2010-4022", url: "https://bugzilla.suse.com/662665", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-4022", }, { cve: "CVE-2011-0281", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0281", }, ], notes: [ { category: "general", text: "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0281", url: "https://www.suse.com/security/cve/CVE-2011-0281", }, { category: "external", summary: "SUSE Bug 663619 for CVE-2011-0281", url: "https://bugzilla.suse.com/663619", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-0281", }, { cve: "CVE-2011-0282", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0282", }, ], notes: [ { category: "general", text: "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0282", url: "https://www.suse.com/security/cve/CVE-2011-0282", }, { category: "external", summary: "SUSE Bug 663619 for CVE-2011-0282", url: "https://bugzilla.suse.com/663619", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-0282", }, { cve: "CVE-2011-0284", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0284", }, ], notes: [ { category: "general", text: "Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0284", url: "https://www.suse.com/security/cve/CVE-2011-0284", }, { category: "external", summary: "SUSE Bug 671717 for CVE-2011-0284", url: "https://bugzilla.suse.com/671717", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-0284", }, { cve: "CVE-2011-0285", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0285", }, ], notes: [ { category: "general", text: "The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0285", url: "https://www.suse.com/security/cve/CVE-2011-0285", }, { category: "external", summary: "SUSE Bug 687469 for CVE-2011-0285", url: "https://bugzilla.suse.com/687469", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2011-0285", }, { cve: "CVE-2011-1527", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1527", }, ], notes: [ { category: "general", text: "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1527", url: "https://www.suse.com/security/cve/CVE-2011-1527", }, { category: "external", summary: "SUSE Bug 719393 for CVE-2011-1527", url: "https://bugzilla.suse.com/719393", }, { category: "external", summary: "SUSE Bug 743742 for CVE-2011-1527", url: "https://bugzilla.suse.com/743742", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-1527", }, { cve: "CVE-2011-1528", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1528", }, ], notes: [ { category: "general", text: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1528", url: "https://www.suse.com/security/cve/CVE-2011-1528", }, { category: "external", summary: "SUSE Bug 719393 for CVE-2011-1528", url: "https://bugzilla.suse.com/719393", }, { category: "external", summary: "SUSE Bug 743742 for CVE-2011-1528", url: "https://bugzilla.suse.com/743742", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-1528", }, { cve: "CVE-2011-1529", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1529", }, ], notes: [ { category: "general", text: "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1529", url: "https://www.suse.com/security/cve/CVE-2011-1529", }, { category: "external", summary: "SUSE Bug 719393 for CVE-2011-1529", url: "https://bugzilla.suse.com/719393", }, { category: "external", summary: "SUSE Bug 743742 for CVE-2011-1529", url: "https://bugzilla.suse.com/743742", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-1529", }, { cve: "CVE-2011-1530", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1530", }, ], notes: [ { category: "general", text: "The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1530", url: "https://www.suse.com/security/cve/CVE-2011-1530", }, { category: "external", summary: "SUSE Bug 730393 for CVE-2011-1530", url: "https://bugzilla.suse.com/730393", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-1530", }, { cve: "CVE-2012-1012", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1012", }, ], notes: [ { category: "general", text: "server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1012", url: "https://www.suse.com/security/cve/CVE-2012-1012", }, { category: "external", summary: "SUSE Bug 766109 for CVE-2012-1012", url: "https://bugzilla.suse.com/766109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-1012", }, { cve: "CVE-2012-1013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1013", }, ], notes: [ { category: "general", text: "The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1013", url: "https://www.suse.com/security/cve/CVE-2012-1013", }, { category: "external", summary: "SUSE Bug 765485 for CVE-2012-1013", url: "https://bugzilla.suse.com/765485", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2012-1013", }, { cve: "CVE-2012-1016", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1016", }, ], notes: [ { category: "general", text: "The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1016", url: "https://www.suse.com/security/cve/CVE-2012-1016", }, { category: "external", summary: "SUSE Bug 807556 for CVE-2012-1016", url: "https://bugzilla.suse.com/807556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-1016", }, { cve: "CVE-2013-1415", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1415", }, ], notes: [ { category: "general", text: "The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1415", url: "https://www.suse.com/security/cve/CVE-2013-1415", }, { category: "external", summary: "SUSE Bug 806715 for CVE-2013-1415", url: "https://bugzilla.suse.com/806715", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-1415", }, { cve: "CVE-2013-1417", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1417", }, ], notes: [ { category: "general", text: "do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1417", url: "https://www.suse.com/security/cve/CVE-2013-1417", }, { category: "external", summary: "SUSE Bug 850660 for CVE-2013-1417", url: "https://bugzilla.suse.com/850660", }, { category: "external", summary: "SUSE Bug 879587 for CVE-2013-1417", url: "https://bugzilla.suse.com/879587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2013-1417", }, { cve: "CVE-2013-1418", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1418", }, ], notes: [ { category: "general", text: "The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1418", url: "https://www.suse.com/security/cve/CVE-2013-1418", }, { category: "external", summary: "SUSE Bug 849240 for CVE-2013-1418", url: "https://bugzilla.suse.com/849240", }, { category: "external", summary: "SUSE Bug 866059 for CVE-2013-1418", url: "https://bugzilla.suse.com/866059", }, { category: "external", summary: "SUSE Bug 879587 for CVE-2013-1418", url: "https://bugzilla.suse.com/879587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-1418", }, { cve: "CVE-2014-4341", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4341", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4341", url: "https://www.suse.com/security/cve/CVE-2014-4341", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4341", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 886016 for CVE-2014-4341", url: "https://bugzilla.suse.com/886016", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4341", }, { cve: "CVE-2014-4342", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4342", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4342", url: "https://www.suse.com/security/cve/CVE-2014-4342", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4342", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 886016 for CVE-2014-4342", url: "https://bugzilla.suse.com/886016", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4342", }, { cve: "CVE-2014-4343", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4343", }, ], notes: [ { category: "general", text: "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4343", url: "https://www.suse.com/security/cve/CVE-2014-4343", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4343", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 888697 for CVE-2014-4343", url: "https://bugzilla.suse.com/888697", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-4343", }, { cve: "CVE-2014-4344", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4344", }, ], notes: [ { category: "general", text: "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4344", url: "https://www.suse.com/security/cve/CVE-2014-4344", }, { category: "external", summary: "SUSE Bug 888697 for CVE-2014-4344", url: "https://bugzilla.suse.com/888697", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-4344", }, { cve: "CVE-2014-4345", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4345", }, ], notes: [ { category: "general", text: "Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4345", url: "https://www.suse.com/security/cve/CVE-2014-4345", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4345", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 891082 for CVE-2014-4345", url: "https://bugzilla.suse.com/891082", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4345", }, { cve: "CVE-2014-5351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5351", }, ], notes: [ { category: "general", text: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5351", url: "https://www.suse.com/security/cve/CVE-2014-5351", }, { category: "external", summary: "SUSE Bug 897874 for CVE-2014-5351", url: "https://bugzilla.suse.com/897874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-5351", }, { cve: "CVE-2014-5352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5352", }, ], notes: [ { category: "general", text: "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5352", url: "https://www.suse.com/security/cve/CVE-2014-5352", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-5352", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-5352", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-5352", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-5352", }, { cve: "CVE-2014-5353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5353", }, ], notes: [ { category: "general", text: "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5353", url: "https://www.suse.com/security/cve/CVE-2014-5353", }, { category: "external", summary: "SUSE Bug 910457 for CVE-2014-5353", url: "https://bugzilla.suse.com/910457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2014-5353", }, { cve: "CVE-2014-5354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5354", }, ], notes: [ { category: "general", text: "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5354", url: "https://www.suse.com/security/cve/CVE-2014-5354", }, { category: "external", summary: "SUSE Bug 910458 for CVE-2014-5354", url: "https://bugzilla.suse.com/910458", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2014-5354", }, { cve: "CVE-2014-5355", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5355", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5355", url: "https://www.suse.com/security/cve/CVE-2014-5355", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-5355", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 918595 for CVE-2014-5355", url: "https://bugzilla.suse.com/918595", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-5355", }, { cve: "CVE-2014-9421", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9421", }, ], notes: [ { category: "general", text: "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9421", url: "https://www.suse.com/security/cve/CVE-2014-9421", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9421", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9421", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9421", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-9421", }, { cve: "CVE-2014-9422", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9422", }, ], notes: [ { category: "general", text: "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9422", url: "https://www.suse.com/security/cve/CVE-2014-9422", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9422", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9422", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9422", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-9422", }, { cve: "CVE-2014-9423", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9423", }, ], notes: [ { category: "general", text: "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9423", url: "https://www.suse.com/security/cve/CVE-2014-9423", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9423", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9423", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-9423", }, { cve: "CVE-2015-2694", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2694", }, ], notes: [ { category: "general", text: "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2694", url: "https://www.suse.com/security/cve/CVE-2015-2694", }, { category: "external", summary: "SUSE Bug 928978 for CVE-2015-2694", url: "https://bugzilla.suse.com/928978", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-2694", }, { cve: "CVE-2015-2695", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2695", }, ], notes: [ { category: "general", text: "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2695", url: "https://www.suse.com/security/cve/CVE-2015-2695", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2695", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 952188 for CVE-2015-2695", url: "https://bugzilla.suse.com/952188", }, { category: "external", summary: "SUSE Bug 969771 for CVE-2015-2695", url: "https://bugzilla.suse.com/969771", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-2695", }, { cve: "CVE-2015-2696", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2696", }, ], notes: [ { category: "general", text: "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2696", url: "https://www.suse.com/security/cve/CVE-2015-2696", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2696", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 952189 for CVE-2015-2696", url: "https://bugzilla.suse.com/952189", }, { category: "external", summary: "SUSE Bug 954204 for CVE-2015-2696", url: "https://bugzilla.suse.com/954204", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-2696", }, { cve: "CVE-2015-2697", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2697", }, ], notes: [ { category: "general", text: "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2697", url: "https://www.suse.com/security/cve/CVE-2015-2697", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2697", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 952190 for CVE-2015-2697", url: "https://bugzilla.suse.com/952190", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-2697", }, { cve: "CVE-2015-2698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2698", }, ], notes: [ { category: "general", text: "The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2698", url: "https://www.suse.com/security/cve/CVE-2015-2698", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2698", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 954204 for CVE-2015-2698", url: "https://bugzilla.suse.com/954204", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-2698", }, { cve: "CVE-2015-8629", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8629", }, ], notes: [ { category: "general", text: "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8629", url: "https://www.suse.com/security/cve/CVE-2015-8629", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-8629", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 963968 for CVE-2015-8629", url: "https://bugzilla.suse.com/963968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8629", }, { cve: "CVE-2015-8630", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8630", }, ], notes: [ { category: "general", text: "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8630", url: "https://www.suse.com/security/cve/CVE-2015-8630", }, { category: "external", summary: "SUSE Bug 963964 for CVE-2015-8630", url: "https://bugzilla.suse.com/963964", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8630", }, { cve: "CVE-2015-8631", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8631", }, ], notes: [ { category: "general", text: "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8631", url: "https://www.suse.com/security/cve/CVE-2015-8631", }, { category: "external", summary: "SUSE Bug 963975 for CVE-2015-8631", url: "https://bugzilla.suse.com/963975", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8631", }, { cve: "CVE-2016-3119", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3119", }, ], notes: [ { category: "general", text: "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3119", url: "https://www.suse.com/security/cve/CVE-2016-3119", }, { category: "external", summary: "SUSE Bug 971942 for CVE-2016-3119", url: "https://bugzilla.suse.com/971942", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-3119", }, { cve: "CVE-2016-3120", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3120", }, ], notes: [ { category: "general", text: "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3120", url: "https://www.suse.com/security/cve/CVE-2016-3120", }, { category: "external", summary: "SUSE Bug 991088 for CVE-2016-3120", url: "https://bugzilla.suse.com/991088", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-3120", }, ], }
rhsa-2011:1379
Vulnerability from csaf_redhat
Published
2011-10-18 22:56
Modified
2024-11-22 04:41
Summary
Red Hat Security Advisory: krb5 security update
Notes
Topic
Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
Multiple NULL pointer dereference and assertion failure flaws were found
in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight
Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A
remote attacker could use these flaws to crash the KDC. (CVE-2011-1527,
CVE-2011-1528, CVE-2011-1529)
Red Hat would like to thank the MIT Kerberos project for reporting the
CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original
reporter of CVE-2011-1527.
All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated krb5 packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nMultiple NULL pointer dereference and assertion failure flaws were found\nin the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight\nDirectory Access Protocol) or Berkeley Database (Berkeley DB) back end. A\nremote attacker could use these flaws to crash the KDC. (CVE-2011-1527,\nCVE-2011-1528, CVE-2011-1529)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original\nreporter of CVE-2011-1527.\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct these issues. After installing the updated\npackages, the krb5kdc daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2011:1379", url: "https://access.redhat.com/errata/RHSA-2011:1379", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { category: "external", summary: "737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1379.json", }, ], title: "Red Hat Security Advisory: krb5 security update", tracking: { current_release_date: "2024-11-22T04:41:39+00:00", generator: { date: "2024-11-22T04:41:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2011:1379", initial_release_date: "2011-10-18T22:56:00+00:00", revision_history: [ { date: "2011-10-18T22:56:00+00:00", number: "1", summary: "Initial version", }, { date: "2011-10-18T19:05:06+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T04:41:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.i686", product: { name: "krb5-libs-0:1.9-9.el6_1.2.i686", product_id: "krb5-libs-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.i686", product: { name: "krb5-devel-0:1.9-9.el6_1.2.i686", product_id: "krb5-devel-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.i686", product: { name: "krb5-server-0:1.9-9.el6_1.2.i686", product_id: "krb5-server-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.i686", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.i686", product_id: "krb5-workstation-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-server-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-server-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-server-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-server-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc", product_id: "krb5-libs-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc", product_id: "krb5-devel-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-server-0:1.9-9.el6_1.2.s390x", product_id: "krb5-server-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-libs-0:1.9-9.el6_1.2.s390x", product_id: "krb5-libs-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product_id: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-devel-0:1.9-9.el6_1.2.s390x", product_id: "krb5-devel-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.s390", product: { name: "krb5-libs-0:1.9-9.el6_1.2.s390", product_id: "krb5-libs-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.s390", product: { name: "krb5-devel-0:1.9-9.el6_1.2.s390", product_id: "krb5-devel-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "krb5-0:1.9-9.el6_1.2.src", product: { name: "krb5-0:1.9-9.el6_1.2.src", product_id: "krb5-0:1.9-9.el6_1.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/krb5@1.9-9.el6_1.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "krb5-0:1.9-9.el6_1.2.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", }, product_reference: "krb5-0:1.9-9.el6_1.2.src", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1527", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1527", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1527", url: "https://www.cve.org/CVERecord?id=CVE-2011-1527", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1527", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1527", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1528", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1528", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1528", url: "https://www.cve.org/CVERecord?id=CVE-2011-1528", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1528", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1528", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1529", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1529", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1529", url: "https://www.cve.org/CVERecord?id=CVE-2011-1529", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1529", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1529", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, ], }
RHSA-2011:1379
Vulnerability from csaf_redhat
Published
2011-10-18 22:56
Modified
2024-11-22 04:41
Summary
Red Hat Security Advisory: krb5 security update
Notes
Topic
Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
Multiple NULL pointer dereference and assertion failure flaws were found
in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight
Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A
remote attacker could use these flaws to crash the KDC. (CVE-2011-1527,
CVE-2011-1528, CVE-2011-1529)
Red Hat would like to thank the MIT Kerberos project for reporting the
CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original
reporter of CVE-2011-1527.
All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated krb5 packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nMultiple NULL pointer dereference and assertion failure flaws were found\nin the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight\nDirectory Access Protocol) or Berkeley Database (Berkeley DB) back end. A\nremote attacker could use these flaws to crash the KDC. (CVE-2011-1527,\nCVE-2011-1528, CVE-2011-1529)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original\nreporter of CVE-2011-1527.\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct these issues. After installing the updated\npackages, the krb5kdc daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2011:1379", url: "https://access.redhat.com/errata/RHSA-2011:1379", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { category: "external", summary: "737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1379.json", }, ], title: "Red Hat Security Advisory: krb5 security update", tracking: { current_release_date: "2024-11-22T04:41:39+00:00", generator: { date: "2024-11-22T04:41:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2011:1379", initial_release_date: "2011-10-18T22:56:00+00:00", revision_history: [ { date: "2011-10-18T22:56:00+00:00", number: "1", summary: "Initial version", }, { date: "2011-10-18T19:05:06+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T04:41:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.i686", product: { name: "krb5-libs-0:1.9-9.el6_1.2.i686", product_id: "krb5-libs-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.i686", product: { name: "krb5-devel-0:1.9-9.el6_1.2.i686", product_id: "krb5-devel-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.i686", product: { name: "krb5-server-0:1.9-9.el6_1.2.i686", product_id: "krb5-server-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.i686", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.i686", product_id: "krb5-workstation-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-server-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-server-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-server-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-server-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc", product_id: "krb5-libs-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc", product_id: "krb5-devel-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-server-0:1.9-9.el6_1.2.s390x", product_id: "krb5-server-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-libs-0:1.9-9.el6_1.2.s390x", product_id: "krb5-libs-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product_id: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-devel-0:1.9-9.el6_1.2.s390x", product_id: "krb5-devel-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.s390", product: { name: "krb5-libs-0:1.9-9.el6_1.2.s390", product_id: "krb5-libs-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.s390", product: { name: "krb5-devel-0:1.9-9.el6_1.2.s390", product_id: "krb5-devel-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "krb5-0:1.9-9.el6_1.2.src", product: { name: "krb5-0:1.9-9.el6_1.2.src", product_id: "krb5-0:1.9-9.el6_1.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/krb5@1.9-9.el6_1.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "krb5-0:1.9-9.el6_1.2.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", }, product_reference: "krb5-0:1.9-9.el6_1.2.src", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1527", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1527", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1527", url: "https://www.cve.org/CVERecord?id=CVE-2011-1527", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1527", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1527", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1528", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1528", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1528", url: "https://www.cve.org/CVERecord?id=CVE-2011-1528", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1528", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1528", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1529", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1529", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1529", url: "https://www.cve.org/CVERecord?id=CVE-2011-1529", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1529", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1529", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, ], }
rhsa-2011_1379
Vulnerability from csaf_redhat
Published
2011-10-18 22:56
Modified
2024-11-22 04:41
Summary
Red Hat Security Advisory: krb5 security update
Notes
Topic
Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
Multiple NULL pointer dereference and assertion failure flaws were found
in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight
Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A
remote attacker could use these flaws to crash the KDC. (CVE-2011-1527,
CVE-2011-1528, CVE-2011-1529)
Red Hat would like to thank the MIT Kerberos project for reporting the
CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original
reporter of CVE-2011-1527.
All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated krb5 packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nMultiple NULL pointer dereference and assertion failure flaws were found\nin the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight\nDirectory Access Protocol) or Berkeley Database (Berkeley DB) back end. A\nremote attacker could use these flaws to crash the KDC. (CVE-2011-1527,\nCVE-2011-1528, CVE-2011-1529)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original\nreporter of CVE-2011-1527.\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct these issues. After installing the updated\npackages, the krb5kdc daemon will be restarted automatically.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2011:1379", url: "https://access.redhat.com/errata/RHSA-2011:1379", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { category: "external", summary: "737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1379.json", }, ], title: "Red Hat Security Advisory: krb5 security update", tracking: { current_release_date: "2024-11-22T04:41:39+00:00", generator: { date: "2024-11-22T04:41:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2011:1379", initial_release_date: "2011-10-18T22:56:00+00:00", revision_history: [ { date: "2011-10-18T22:56:00+00:00", number: "1", summary: "Initial version", }, { date: "2011-10-18T19:05:06+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T04:41:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.i686", product: { name: "krb5-libs-0:1.9-9.el6_1.2.i686", product_id: "krb5-libs-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.i686", product: { name: "krb5-devel-0:1.9-9.el6_1.2.i686", product_id: "krb5-devel-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.i686", product: { name: "krb5-server-0:1.9-9.el6_1.2.i686", product_id: "krb5-server-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.i686", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.i686", product_id: "krb5-workstation-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=i686", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-server-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-server-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-libs-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-devel-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=x86_64", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-server-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-server-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-libs-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-devel-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=ppc64", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc", product_id: "krb5-libs-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc", product_id: "krb5-devel-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=ppc", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-server-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-server-0:1.9-9.el6_1.2.s390x", product_id: "krb5-server-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-libs-0:1.9-9.el6_1.2.s390x", product_id: "krb5-libs-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product_id: "krb5-workstation-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-workstation@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product_id: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-pkinit-openssl@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-devel-0:1.9-9.el6_1.2.s390x", product_id: "krb5-devel-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=s390x", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product_id: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-debuginfo@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-libs-0:1.9-9.el6_1.2.s390", product: { name: "krb5-libs-0:1.9-9.el6_1.2.s390", product_id: "krb5-libs-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-libs@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-devel-0:1.9-9.el6_1.2.s390", product: { name: "krb5-devel-0:1.9-9.el6_1.2.s390", product_id: "krb5-devel-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-devel@1.9-9.el6_1.2?arch=s390", }, }, }, { category: "product_version", name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product_id: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/krb5-server-ldap@1.9-9.el6_1.2?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "krb5-0:1.9-9.el6_1.2.src", product: { name: "krb5-0:1.9-9.el6_1.2.src", product_id: "krb5-0:1.9-9.el6_1.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/krb5@1.9-9.el6_1.2?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "krb5-0:1.9-9.el6_1.2.src as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", }, product_reference: "krb5-0:1.9-9.el6_1.2.src", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-devel-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-libs-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-libs-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-server-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.s390", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.i686", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.ppc64", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.s390x", relates_to_product_reference: "6Server-6.1.z", }, { category: "default_component_of", full_product_name: { name: "krb5-workstation-0:1.9-9.el6_1.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", }, product_reference: "krb5-workstation-0:1.9-9.el6_1.2.x86_64", relates_to_product_reference: "6Server-6.1.z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1527", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1527", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1527", url: "https://www.cve.org/CVERecord?id=CVE-2011-1527", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1527", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1527", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1528", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1528", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1528", url: "https://www.cve.org/CVERecord?id=CVE-2011-1528", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1528", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1528", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, { acknowledgments: [ { names: [ "MIT Kerberos project", ], }, { names: [ "Andrej Ota", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2011-1529", discovery_date: "2011-06-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "737711", }, ], notes: [ { category: "description", text: "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", title: "Vulnerability description", }, { category: "summary", text: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2011-1529", }, { category: "external", summary: "RHBZ#737711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=737711", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2011-1529", url: "https://www.cve.org/CVERecord?id=CVE-2011-1529", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2011-1529", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1529", }, ], release_date: "2011-10-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2011-10-18T22:56:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", product_ids: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2011:1379", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "6Server-6.1.z:krb5-0:1.9-9.el6_1.2.src", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-debuginfo-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-devel-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-libs-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-pkinit-openssl-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-server-ldap-0:1.9-9.el6_1.2.x86_64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.i686", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.ppc64", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.s390x", "6Server-6.1.z:krb5-workstation-0:1.9-9.el6_1.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", }, ], }
ghsa-hxvv-vjx9-wj2m
Vulnerability from github
Published
2022-05-13 01:28
Modified
2022-05-13 01:28
Details
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.
{ affected: [], aliases: [ "CVE-2011-1528", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2011-10-20T21:55:00Z", severity: "HIGH", }, details: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", id: "GHSA-hxvv-vjx9-wj2m", modified: "2022-05-13T01:28:52Z", published: "2022-05-13T01:28:52Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1528", }, { type: "WEB", url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { type: "WEB", url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { type: "WEB", url: "http://www.kb.cert.org/vuls/id/659251", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { type: "WEB", url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, ], schema_version: "1.4.0", severity: [], }
fkie_cve-2011-1528
Vulnerability from fkie_nvd
Published
2011-10-20 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos_5 | 1.8 | |
| mit | kerberos_5 | 1.8.1 | |
| mit | kerberos_5 | 1.8.2 | |
| mit | kerberos_5 | 1.8.3 | |
| mit | kerberos_5 | 1.8.4 | |
| mit | kerberos_5 | 1.9 | |
| mit | kerberos_5 | 1.9.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*", matchCriteriaId: "36823B2B-5C72-4FF3-9301-FB263EB8CE09", vulnerable: true, }, { criteria: "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31", vulnerable: true, }, { criteria: "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "758A0011-20ED-414A-9DF3-50A161DF8BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "7768AED0-AE4C-4D4E-8D5D-5B618AB82966", vulnerable: true, }, { criteria: "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*", matchCriteriaId: "86738633-C081-4440-9F75-A775D6DF2228", vulnerable: true, }, { criteria: "cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BCFFEE-EA7A-4F26-97AA-31128A179745", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", }, { lang: "es", value: "La función krb5_ldap_lockout_audit en el Key Distribution Center (KDC) en MIT Kerberos 5 (también se conoce como krb5) versión 1.8 hasta 1.8.4 y versión 1.9 hasta 1.9.1, cuando se utiliza el back-end LDAP, permite a los atacantes remotos causar una denegación de servicio (fallo de aserción y salida de demonio) por medio de vectores no especificados, relacionados con la función locked_check_p. NOTA: El vector Berkeley DB está cubierto por CVE-2011-4151.", }, ], id: "CVE-2011-1528", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-10-20T21:55:00.920", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/659251", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, { source: "cve@mitre.org", url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/659251", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2011-1528
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.
Aliases
Aliases
{ GSD: { alias: "CVE-2011-1528", description: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", id: "GSD-2011-1528", references: [ "https://www.suse.com/security/cve/CVE-2011-1528.html", "https://www.debian.org/security/2012/dsa-2379", "https://access.redhat.com/errata/RHSA-2011:1379", "https://linux.oracle.com/cve/CVE-2011-1528.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2011-1528", ], details: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", id: "GSD-2011-1528", modified: "2023-12-13T01:19:07.660076Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-1528", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDVSA-2011:159", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { name: "MDVSA-2011:160", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { name: "openSUSE-SU-2011:1169", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { name: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, { name: "VU#659251", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/659251", }, { name: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", refsource: "CONFIRM", url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { name: "RHSA-2011:1379", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-1528", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", refsource: "CONFIRM", tags: [], url: "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", }, { name: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", }, { name: "MDVSA-2011:160", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160", }, { name: "RHSA-2011:1379", refsource: "REDHAT", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1379.html", }, { name: "MDVSA-2011:159", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159", }, { name: "openSUSE-SU-2011:1169", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html", }, { name: "VU#659251", refsource: "CERT-VN", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/659251", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, }, lastModifiedDate: "2020-01-21T15:46Z", publishedDate: "2011-10-20T21:55Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.