Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2014-5351
Vulnerability from cvelistv5
Published
2014-10-10 01:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:41:49.184Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { name: "1031003", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031003", }, { name: "FEDORA-2015-2382", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { name: "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, { name: "openSUSE-SU-2015:0255", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { name: "SUSE-SU-2015:0290", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { name: "MDVSA-2014:224", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { name: "GLSA-201412-53", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { name: "USN-2498-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2498-1", }, { name: "70380", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/70380", }, { name: "kerberos-cve20145351-sec-bypass(97028)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { name: "FEDORA-2014-11940", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-22T00:00:00", descriptions: [ { lang: "en", value: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-02T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { name: "1031003", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031003", }, { name: "FEDORA-2015-2382", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { name: "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, { name: "openSUSE-SU-2015:0255", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { name: "SUSE-SU-2015:0290", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { name: "MDVSA-2014:224", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { name: "GLSA-201412-53", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { name: "USN-2498-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2498-1", }, { name: "70380", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/70380", }, { name: "kerberos-cve20145351-sec-bypass(97028)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { name: "FEDORA-2014-11940", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-5351", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", refsource: "CONFIRM", url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { name: "1031003", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031003", }, { name: "FEDORA-2015-2382", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { name: "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, { name: "openSUSE-SU-2015:0255", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { name: "http://advisories.mageia.org/MGASA-2014-0477.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { name: "SUSE-SU-2015:0290", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { name: "MDVSA-2014:224", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { name: "GLSA-201412-53", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { name: "USN-2498-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2498-1", }, { name: "70380", refsource: "BID", url: "http://www.securityfocus.com/bid/70380", }, { name: "kerberos-cve20145351-sec-bypass(97028)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { name: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", refsource: "CONFIRM", url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { name: "FEDORA-2014-11940", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-5351", datePublished: "2014-10-10T01:00:00", dateReserved: "2014-08-19T00:00:00", dateUpdated: "2024-08-06T11:41:49.184Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2014-5351\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-10-10T01:55:11.307\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.\"},{\"lang\":\"es\",\"value\":\"La función kadm5_randkey_principal_3 en lib/kadm5/srv/svr_principal.c en kadmind en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13 envía claves viejas en respuesta a una solicitud -randkey -keepold, lo que permite a usuarios remotos autenticados falsificar tickets mediante el aprovechamiento del acceso administrativo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0A28CB-173D-4676-B083-E3718213B840\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0477.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201412-53.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:224\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/70380\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1031003\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2498-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1145425\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/97028\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0477.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201412-53.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:224\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/70380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2498-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1145425\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/97028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
opensuse-su-2024:10004-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
krb5-1.15-1.1 on GA media
Notes
Title of the patch
krb5-1.15-1.1 on GA media
Description of the patch
These are all security issues fixed in the krb5-1.15-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10004
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "krb5-1.15-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the krb5-1.15-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10004", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10004-1.json", }, { category: "self", summary: "SUSE CVE CVE-2002-2443 page", url: "https://www.suse.com/security/cve/CVE-2002-2443/", }, { category: "self", summary: "SUSE CVE CVE-2009-0844 page", url: "https://www.suse.com/security/cve/CVE-2009-0844/", }, { category: "self", summary: "SUSE CVE CVE-2009-0845 page", url: "https://www.suse.com/security/cve/CVE-2009-0845/", }, { category: "self", summary: "SUSE CVE CVE-2009-0846 page", url: "https://www.suse.com/security/cve/CVE-2009-0846/", }, { category: "self", summary: "SUSE CVE CVE-2009-0847 page", url: "https://www.suse.com/security/cve/CVE-2009-0847/", }, { category: "self", summary: "SUSE CVE CVE-2009-3295 page", url: "https://www.suse.com/security/cve/CVE-2009-3295/", }, { category: "self", summary: "SUSE CVE CVE-2009-4212 page", url: "https://www.suse.com/security/cve/CVE-2009-4212/", }, { category: "self", summary: "SUSE CVE CVE-2010-0283 page", url: "https://www.suse.com/security/cve/CVE-2010-0283/", }, { category: "self", summary: "SUSE CVE CVE-2010-0628 page", url: "https://www.suse.com/security/cve/CVE-2010-0628/", }, { category: "self", summary: "SUSE CVE CVE-2010-1320 page", url: "https://www.suse.com/security/cve/CVE-2010-1320/", }, { category: "self", summary: "SUSE CVE CVE-2010-1321 page", url: "https://www.suse.com/security/cve/CVE-2010-1321/", }, { category: "self", summary: "SUSE CVE CVE-2010-1322 page", url: "https://www.suse.com/security/cve/CVE-2010-1322/", }, { category: "self", summary: "SUSE CVE CVE-2010-1323 page", url: "https://www.suse.com/security/cve/CVE-2010-1323/", }, { category: "self", summary: "SUSE CVE CVE-2010-1324 page", url: "https://www.suse.com/security/cve/CVE-2010-1324/", }, { category: "self", summary: "SUSE CVE CVE-2010-4020 page", url: "https://www.suse.com/security/cve/CVE-2010-4020/", }, { category: "self", summary: "SUSE CVE CVE-2010-4021 page", url: "https://www.suse.com/security/cve/CVE-2010-4021/", }, { category: "self", summary: "SUSE CVE CVE-2010-4022 page", url: "https://www.suse.com/security/cve/CVE-2010-4022/", }, { category: "self", summary: "SUSE CVE CVE-2011-0281 page", url: "https://www.suse.com/security/cve/CVE-2011-0281/", }, { category: "self", summary: "SUSE CVE CVE-2011-0282 page", url: "https://www.suse.com/security/cve/CVE-2011-0282/", }, { category: "self", summary: "SUSE CVE CVE-2011-0284 page", url: "https://www.suse.com/security/cve/CVE-2011-0284/", }, { category: "self", summary: "SUSE CVE CVE-2011-0285 page", url: "https://www.suse.com/security/cve/CVE-2011-0285/", }, { category: "self", summary: "SUSE CVE CVE-2011-1527 page", url: "https://www.suse.com/security/cve/CVE-2011-1527/", }, { category: "self", summary: "SUSE CVE CVE-2011-1528 page", url: "https://www.suse.com/security/cve/CVE-2011-1528/", }, { category: "self", summary: "SUSE CVE CVE-2011-1529 page", url: "https://www.suse.com/security/cve/CVE-2011-1529/", }, { category: "self", summary: "SUSE CVE CVE-2011-1530 page", url: "https://www.suse.com/security/cve/CVE-2011-1530/", }, { category: "self", summary: "SUSE CVE CVE-2012-1012 page", url: "https://www.suse.com/security/cve/CVE-2012-1012/", }, { category: "self", summary: "SUSE CVE CVE-2012-1013 page", url: "https://www.suse.com/security/cve/CVE-2012-1013/", }, { category: "self", summary: "SUSE CVE CVE-2012-1016 page", url: "https://www.suse.com/security/cve/CVE-2012-1016/", }, { category: "self", summary: "SUSE CVE CVE-2013-1415 page", url: "https://www.suse.com/security/cve/CVE-2013-1415/", }, { category: "self", summary: "SUSE CVE CVE-2013-1417 page", url: "https://www.suse.com/security/cve/CVE-2013-1417/", }, { category: "self", summary: "SUSE CVE CVE-2013-1418 page", url: "https://www.suse.com/security/cve/CVE-2013-1418/", }, { category: "self", summary: "SUSE CVE CVE-2014-4341 page", url: "https://www.suse.com/security/cve/CVE-2014-4341/", }, { category: "self", summary: "SUSE CVE CVE-2014-4342 page", url: "https://www.suse.com/security/cve/CVE-2014-4342/", }, { category: "self", summary: "SUSE CVE CVE-2014-4343 page", url: "https://www.suse.com/security/cve/CVE-2014-4343/", }, { category: "self", summary: "SUSE CVE CVE-2014-4344 page", url: "https://www.suse.com/security/cve/CVE-2014-4344/", }, { category: "self", summary: "SUSE CVE CVE-2014-4345 page", url: "https://www.suse.com/security/cve/CVE-2014-4345/", }, { category: "self", summary: "SUSE CVE CVE-2014-5351 page", url: "https://www.suse.com/security/cve/CVE-2014-5351/", }, { category: "self", summary: "SUSE CVE CVE-2014-5352 page", url: "https://www.suse.com/security/cve/CVE-2014-5352/", }, { category: "self", summary: "SUSE CVE CVE-2014-5353 page", url: "https://www.suse.com/security/cve/CVE-2014-5353/", }, { category: "self", summary: "SUSE CVE CVE-2014-5354 page", url: "https://www.suse.com/security/cve/CVE-2014-5354/", }, { category: "self", summary: "SUSE CVE CVE-2014-5355 page", url: "https://www.suse.com/security/cve/CVE-2014-5355/", }, { category: "self", summary: "SUSE CVE CVE-2014-9421 page", url: "https://www.suse.com/security/cve/CVE-2014-9421/", }, { category: "self", summary: "SUSE CVE CVE-2014-9422 page", url: "https://www.suse.com/security/cve/CVE-2014-9422/", }, { category: "self", summary: "SUSE CVE CVE-2014-9423 page", url: "https://www.suse.com/security/cve/CVE-2014-9423/", }, { category: "self", summary: "SUSE CVE CVE-2015-2694 page", url: "https://www.suse.com/security/cve/CVE-2015-2694/", }, { category: "self", summary: "SUSE CVE CVE-2015-2695 page", url: "https://www.suse.com/security/cve/CVE-2015-2695/", }, { category: "self", summary: "SUSE CVE CVE-2015-2696 page", url: "https://www.suse.com/security/cve/CVE-2015-2696/", }, { category: "self", summary: "SUSE CVE CVE-2015-2697 page", url: "https://www.suse.com/security/cve/CVE-2015-2697/", }, { category: "self", summary: "SUSE CVE CVE-2015-2698 page", url: "https://www.suse.com/security/cve/CVE-2015-2698/", }, { category: "self", summary: "SUSE CVE CVE-2015-8629 page", url: "https://www.suse.com/security/cve/CVE-2015-8629/", }, { category: "self", summary: "SUSE CVE CVE-2015-8630 page", url: "https://www.suse.com/security/cve/CVE-2015-8630/", }, { category: "self", summary: "SUSE CVE CVE-2015-8631 page", url: "https://www.suse.com/security/cve/CVE-2015-8631/", }, { category: "self", summary: "SUSE CVE CVE-2016-3119 page", url: "https://www.suse.com/security/cve/CVE-2016-3119/", }, { category: "self", summary: "SUSE CVE CVE-2016-3120 page", url: "https://www.suse.com/security/cve/CVE-2016-3120/", }, ], title: "krb5-1.15-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10004-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "krb5-1.15-1.1.aarch64", product: { name: "krb5-1.15-1.1.aarch64", product_id: "krb5-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.aarch64", product: { name: "krb5-32bit-1.15-1.1.aarch64", product_id: "krb5-32bit-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.aarch64", product: { name: "krb5-client-1.15-1.1.aarch64", product_id: "krb5-client-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.aarch64", product: { name: "krb5-devel-1.15-1.1.aarch64", product_id: "krb5-devel-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.aarch64", product: { name: "krb5-devel-32bit-1.15-1.1.aarch64", product_id: "krb5-devel-32bit-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.aarch64", product: { name: "krb5-doc-1.15-1.1.aarch64", product_id: "krb5-doc-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.aarch64", product: { name: "krb5-mini-1.15-1.1.aarch64", product_id: "krb5-mini-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.aarch64", product: { name: "krb5-mini-devel-1.15-1.1.aarch64", product_id: "krb5-mini-devel-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", product_id: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.aarch64", product: { name: "krb5-server-1.15-1.1.aarch64", product_id: "krb5-server-1.15-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "krb5-1.15-1.1.ppc64le", product: { name: "krb5-1.15-1.1.ppc64le", product_id: "krb5-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.ppc64le", product: { name: "krb5-32bit-1.15-1.1.ppc64le", product_id: "krb5-32bit-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.ppc64le", product: { name: "krb5-client-1.15-1.1.ppc64le", product_id: "krb5-client-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.ppc64le", product: { name: "krb5-devel-1.15-1.1.ppc64le", product_id: "krb5-devel-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.ppc64le", product: { name: "krb5-devel-32bit-1.15-1.1.ppc64le", product_id: "krb5-devel-32bit-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.ppc64le", product: { name: "krb5-doc-1.15-1.1.ppc64le", product_id: "krb5-doc-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.ppc64le", product: { name: "krb5-mini-1.15-1.1.ppc64le", product_id: "krb5-mini-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.ppc64le", product: { name: "krb5-mini-devel-1.15-1.1.ppc64le", product_id: "krb5-mini-devel-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", product_id: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.ppc64le", product: { name: "krb5-server-1.15-1.1.ppc64le", product_id: "krb5-server-1.15-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "krb5-1.15-1.1.s390x", product: { name: "krb5-1.15-1.1.s390x", product_id: "krb5-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.s390x", product: { name: "krb5-32bit-1.15-1.1.s390x", product_id: "krb5-32bit-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.s390x", product: { name: "krb5-client-1.15-1.1.s390x", product_id: "krb5-client-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.s390x", product: { name: "krb5-devel-1.15-1.1.s390x", product_id: "krb5-devel-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.s390x", product: { name: "krb5-devel-32bit-1.15-1.1.s390x", product_id: "krb5-devel-32bit-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.s390x", product: { name: "krb5-doc-1.15-1.1.s390x", product_id: "krb5-doc-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.s390x", product: { name: "krb5-mini-1.15-1.1.s390x", product_id: "krb5-mini-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.s390x", product: { name: "krb5-mini-devel-1.15-1.1.s390x", product_id: "krb5-mini-devel-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.s390x", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.s390x", product_id: "krb5-plugin-preauth-otp-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.s390x", product: { name: "krb5-server-1.15-1.1.s390x", product_id: "krb5-server-1.15-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "krb5-1.15-1.1.x86_64", product: { name: "krb5-1.15-1.1.x86_64", product_id: "krb5-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-32bit-1.15-1.1.x86_64", product: { name: "krb5-32bit-1.15-1.1.x86_64", product_id: "krb5-32bit-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-client-1.15-1.1.x86_64", product: { name: "krb5-client-1.15-1.1.x86_64", product_id: "krb5-client-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-devel-1.15-1.1.x86_64", product: { name: "krb5-devel-1.15-1.1.x86_64", product_id: "krb5-devel-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-devel-32bit-1.15-1.1.x86_64", product: { name: "krb5-devel-32bit-1.15-1.1.x86_64", product_id: "krb5-devel-32bit-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-doc-1.15-1.1.x86_64", product: { name: "krb5-doc-1.15-1.1.x86_64", product_id: "krb5-doc-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-mini-1.15-1.1.x86_64", product: { name: "krb5-mini-1.15-1.1.x86_64", product_id: "krb5-mini-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-mini-devel-1.15-1.1.x86_64", product: { name: "krb5-mini-devel-1.15-1.1.x86_64", product_id: "krb5-mini-devel-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", product: { name: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", product_id: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", product: { name: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", product_id: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", product: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", product_id: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", }, }, { category: "product_version", name: "krb5-server-1.15-1.1.x86_64", product: { name: "krb5-server-1.15-1.1.x86_64", product_id: "krb5-server-1.15-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", }, product_reference: "krb5-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", }, product_reference: "krb5-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", }, product_reference: "krb5-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", }, product_reference: "krb5-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", }, product_reference: "krb5-32bit-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", }, product_reference: "krb5-32bit-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", }, product_reference: "krb5-32bit-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", }, product_reference: "krb5-32bit-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", }, product_reference: "krb5-client-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", }, product_reference: "krb5-client-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", }, product_reference: "krb5-client-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", }, product_reference: "krb5-client-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", }, product_reference: "krb5-devel-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", }, product_reference: "krb5-devel-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", }, product_reference: "krb5-devel-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", }, product_reference: "krb5-devel-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", }, product_reference: "krb5-devel-32bit-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", }, product_reference: "krb5-devel-32bit-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", }, product_reference: "krb5-devel-32bit-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-32bit-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", }, product_reference: "krb5-devel-32bit-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", }, product_reference: "krb5-doc-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", }, product_reference: "krb5-doc-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", }, product_reference: "krb5-doc-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", }, product_reference: "krb5-doc-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", }, product_reference: "krb5-mini-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", }, product_reference: "krb5-mini-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", }, product_reference: "krb5-mini-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", }, product_reference: "krb5-mini-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", }, product_reference: "krb5-mini-devel-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", }, product_reference: "krb5-mini-devel-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", }, product_reference: "krb5-mini-devel-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-mini-devel-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", }, product_reference: "krb5-mini-devel-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", }, product_reference: "krb5-plugin-kdb-ldap-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", }, product_reference: "krb5-plugin-preauth-otp-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", }, product_reference: "krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", }, product_reference: "krb5-server-1.15-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", }, product_reference: "krb5-server-1.15-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", }, product_reference: "krb5-server-1.15-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.15-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", }, product_reference: "krb5-server-1.15-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2002-2443", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2002-2443", }, ], notes: [ { category: "general", text: "schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2002-2443", url: "https://www.suse.com/security/cve/CVE-2002-2443", }, { category: "external", summary: "SUSE Bug 825985 for CVE-2002-2443", url: "https://bugzilla.suse.com/825985", }, { category: "external", summary: "SUSE Bug 871411 for CVE-2002-2443", url: "https://bugzilla.suse.com/871411", }, { category: "external", summary: "SUSE Bug 887734 for CVE-2002-2443", url: "https://bugzilla.suse.com/887734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2002-2443", }, { cve: "CVE-2009-0844", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0844", }, ], notes: [ { category: "general", text: "The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0844", url: "https://www.suse.com/security/cve/CVE-2009-0844", }, { category: "external", summary: "SUSE Bug 486722 for CVE-2009-0844", url: "https://bugzilla.suse.com/486722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-0844", }, { cve: "CVE-2009-0845", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0845", }, ], notes: [ { category: "general", text: "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0845", url: "https://www.suse.com/security/cve/CVE-2009-0845", }, { category: "external", summary: "SUSE Bug 485894 for CVE-2009-0845", url: "https://bugzilla.suse.com/485894", }, { category: "external", summary: "SUSE Bug 486722 for CVE-2009-0845", url: "https://bugzilla.suse.com/486722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-0845", }, { cve: "CVE-2009-0846", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0846", }, ], notes: [ { category: "general", text: "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0846", url: "https://www.suse.com/security/cve/CVE-2009-0846", }, { category: "external", summary: "SUSE Bug 486723 for CVE-2009-0846", url: "https://bugzilla.suse.com/486723", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2009-0846", }, { cve: "CVE-2009-0847", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0847", }, ], notes: [ { category: "general", text: "The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0847", url: "https://www.suse.com/security/cve/CVE-2009-0847", }, { category: "external", summary: "SUSE Bug 486722 for CVE-2009-0847", url: "https://bugzilla.suse.com/486722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-0847", }, { cve: "CVE-2009-3295", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3295", }, ], notes: [ { category: "general", text: "The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3295", url: "https://www.suse.com/security/cve/CVE-2009-3295", }, { category: "external", summary: "SUSE Bug 561347 for CVE-2009-3295", url: "https://bugzilla.suse.com/561347", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3295", }, { cve: "CVE-2009-4212", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-4212", }, ], notes: [ { category: "general", text: "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-4212", url: "https://www.suse.com/security/cve/CVE-2009-4212", }, { category: "external", summary: "SUSE Bug 561351 for CVE-2009-4212", url: "https://bugzilla.suse.com/561351", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2009-4212", }, { cve: "CVE-2010-0283", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-0283", }, ], notes: [ { category: "general", text: "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-0283", url: "https://www.suse.com/security/cve/CVE-2010-0283", }, { category: "external", summary: "SUSE Bug 571781 for CVE-2010-0283", url: "https://bugzilla.suse.com/571781", }, { category: "external", summary: "SUSE Bug 576524 for CVE-2010-0283", url: "https://bugzilla.suse.com/576524", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2010-0283", }, { cve: "CVE-2010-0628", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-0628", }, ], notes: [ { category: "general", text: "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-0628", url: "https://www.suse.com/security/cve/CVE-2010-0628", }, { category: "external", summary: "SUSE Bug 582557 for CVE-2010-0628", url: "https://bugzilla.suse.com/582557", }, { category: "external", summary: "SUSE Bug 586981 for CVE-2010-0628", url: "https://bugzilla.suse.com/586981", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-0628", }, { cve: "CVE-2010-1320", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1320", }, ], notes: [ { category: "general", text: "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1320", url: "https://www.suse.com/security/cve/CVE-2010-1320", }, { category: "external", summary: "SUSE Bug 596002 for CVE-2010-1320", url: "https://bugzilla.suse.com/596002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2010-1320", }, { cve: "CVE-2010-1321", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1321", }, ], notes: [ { category: "general", text: "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1321", url: "https://www.suse.com/security/cve/CVE-2010-1321", }, { category: "external", summary: "SUSE Bug 596826 for CVE-2010-1321", url: "https://bugzilla.suse.com/596826", }, { category: "external", summary: "SUSE Bug 611090 for CVE-2010-1321", url: "https://bugzilla.suse.com/611090", }, { category: "external", summary: "SUSE Bug 646073 for CVE-2010-1321", url: "https://bugzilla.suse.com/646073", }, { category: "external", summary: "SUSE Bug 648950 for CVE-2010-1321", url: "https://bugzilla.suse.com/648950", }, { category: "external", summary: "SUSE Bug 658525 for CVE-2010-1321", url: "https://bugzilla.suse.com/658525", }, { category: "external", summary: "SUSE Bug 659926 for CVE-2010-1321", url: "https://bugzilla.suse.com/659926", }, { category: "external", summary: "SUSE Bug 663953 for CVE-2010-1321", url: "https://bugzilla.suse.com/663953", }, { category: "external", summary: "SUSE Bug 679560 for CVE-2010-1321", url: "https://bugzilla.suse.com/679560", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2010-1321", }, { cve: "CVE-2010-1322", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1322", }, ], notes: [ { category: "general", text: "The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1322", url: "https://www.suse.com/security/cve/CVE-2010-1322", }, { category: "external", summary: "SUSE Bug 640990 for CVE-2010-1322", url: "https://bugzilla.suse.com/640990", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1322", }, { cve: "CVE-2010-1323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1323", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1323", url: "https://www.suse.com/security/cve/CVE-2010-1323", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-1323", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1323", }, { cve: "CVE-2010-1324", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1324", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1324", url: "https://www.suse.com/security/cve/CVE-2010-1324", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-1324", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1324", }, { cve: "CVE-2010-4020", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-4020", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-4020", url: "https://www.suse.com/security/cve/CVE-2010-4020", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-4020", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-4020", }, { cve: "CVE-2010-4021", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-4021", }, ], notes: [ { category: "general", text: "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a \"KrbFastReq forgery issue.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-4021", url: "https://www.suse.com/security/cve/CVE-2010-4021", }, { category: "external", summary: "SUSE Bug 650650 for CVE-2010-4021", url: "https://bugzilla.suse.com/650650", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-4021", }, { cve: "CVE-2010-4022", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-4022", }, ], notes: [ { category: "general", text: "The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-4022", url: "https://www.suse.com/security/cve/CVE-2010-4022", }, { category: "external", summary: "SUSE Bug 662665 for CVE-2010-4022", url: "https://bugzilla.suse.com/662665", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-4022", }, { cve: "CVE-2011-0281", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0281", }, ], notes: [ { category: "general", text: "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0281", url: "https://www.suse.com/security/cve/CVE-2011-0281", }, { category: "external", summary: "SUSE Bug 663619 for CVE-2011-0281", url: "https://bugzilla.suse.com/663619", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-0281", }, { cve: "CVE-2011-0282", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0282", }, ], notes: [ { category: "general", text: "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0282", url: "https://www.suse.com/security/cve/CVE-2011-0282", }, { category: "external", summary: "SUSE Bug 663619 for CVE-2011-0282", url: "https://bugzilla.suse.com/663619", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-0282", }, { cve: "CVE-2011-0284", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0284", }, ], notes: [ { category: "general", text: "Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0284", url: "https://www.suse.com/security/cve/CVE-2011-0284", }, { category: "external", summary: "SUSE Bug 671717 for CVE-2011-0284", url: "https://bugzilla.suse.com/671717", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-0284", }, { cve: "CVE-2011-0285", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-0285", }, ], notes: [ { category: "general", text: "The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-0285", url: "https://www.suse.com/security/cve/CVE-2011-0285", }, { category: "external", summary: "SUSE Bug 687469 for CVE-2011-0285", url: "https://bugzilla.suse.com/687469", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2011-0285", }, { cve: "CVE-2011-1527", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1527", }, ], notes: [ { category: "general", text: "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1527", url: "https://www.suse.com/security/cve/CVE-2011-1527", }, { category: "external", summary: "SUSE Bug 719393 for CVE-2011-1527", url: "https://bugzilla.suse.com/719393", }, { category: "external", summary: "SUSE Bug 743742 for CVE-2011-1527", url: "https://bugzilla.suse.com/743742", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-1527", }, { cve: "CVE-2011-1528", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1528", }, ], notes: [ { category: "general", text: "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1528", url: "https://www.suse.com/security/cve/CVE-2011-1528", }, { category: "external", summary: "SUSE Bug 719393 for CVE-2011-1528", url: "https://bugzilla.suse.com/719393", }, { category: "external", summary: "SUSE Bug 743742 for CVE-2011-1528", url: "https://bugzilla.suse.com/743742", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-1528", }, { cve: "CVE-2011-1529", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1529", }, ], notes: [ { category: "general", text: "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1529", url: "https://www.suse.com/security/cve/CVE-2011-1529", }, { category: "external", summary: "SUSE Bug 719393 for CVE-2011-1529", url: "https://bugzilla.suse.com/719393", }, { category: "external", summary: "SUSE Bug 743742 for CVE-2011-1529", url: "https://bugzilla.suse.com/743742", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-1529", }, { cve: "CVE-2011-1530", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1530", }, ], notes: [ { category: "general", text: "The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1530", url: "https://www.suse.com/security/cve/CVE-2011-1530", }, { category: "external", summary: "SUSE Bug 730393 for CVE-2011-1530", url: "https://bugzilla.suse.com/730393", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-1530", }, { cve: "CVE-2012-1012", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1012", }, ], notes: [ { category: "general", text: "server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1012", url: "https://www.suse.com/security/cve/CVE-2012-1012", }, { category: "external", summary: "SUSE Bug 766109 for CVE-2012-1012", url: "https://bugzilla.suse.com/766109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-1012", }, { cve: "CVE-2012-1013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1013", }, ], notes: [ { category: "general", text: "The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1013", url: "https://www.suse.com/security/cve/CVE-2012-1013", }, { category: "external", summary: "SUSE Bug 765485 for CVE-2012-1013", url: "https://bugzilla.suse.com/765485", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2012-1013", }, { cve: "CVE-2012-1016", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1016", }, ], notes: [ { category: "general", text: "The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1016", url: "https://www.suse.com/security/cve/CVE-2012-1016", }, { category: "external", summary: "SUSE Bug 807556 for CVE-2012-1016", url: "https://bugzilla.suse.com/807556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-1016", }, { cve: "CVE-2013-1415", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1415", }, ], notes: [ { category: "general", text: "The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1415", url: "https://www.suse.com/security/cve/CVE-2013-1415", }, { category: "external", summary: "SUSE Bug 806715 for CVE-2013-1415", url: "https://bugzilla.suse.com/806715", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-1415", }, { cve: "CVE-2013-1417", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1417", }, ], notes: [ { category: "general", text: "do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1417", url: "https://www.suse.com/security/cve/CVE-2013-1417", }, { category: "external", summary: "SUSE Bug 850660 for CVE-2013-1417", url: "https://bugzilla.suse.com/850660", }, { category: "external", summary: "SUSE Bug 879587 for CVE-2013-1417", url: "https://bugzilla.suse.com/879587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2013-1417", }, { cve: "CVE-2013-1418", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1418", }, ], notes: [ { category: "general", text: "The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1418", url: "https://www.suse.com/security/cve/CVE-2013-1418", }, { category: "external", summary: "SUSE Bug 849240 for CVE-2013-1418", url: "https://bugzilla.suse.com/849240", }, { category: "external", summary: "SUSE Bug 866059 for CVE-2013-1418", url: "https://bugzilla.suse.com/866059", }, { category: "external", summary: "SUSE Bug 879587 for CVE-2013-1418", url: "https://bugzilla.suse.com/879587", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-1418", }, { cve: "CVE-2014-4341", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4341", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4341", url: "https://www.suse.com/security/cve/CVE-2014-4341", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4341", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 886016 for CVE-2014-4341", url: "https://bugzilla.suse.com/886016", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4341", }, { cve: "CVE-2014-4342", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4342", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4342", url: "https://www.suse.com/security/cve/CVE-2014-4342", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4342", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 886016 for CVE-2014-4342", url: "https://bugzilla.suse.com/886016", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4342", }, { cve: "CVE-2014-4343", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4343", }, ], notes: [ { category: "general", text: "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4343", url: "https://www.suse.com/security/cve/CVE-2014-4343", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4343", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 888697 for CVE-2014-4343", url: "https://bugzilla.suse.com/888697", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-4343", }, { cve: "CVE-2014-4344", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4344", }, ], notes: [ { category: "general", text: "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4344", url: "https://www.suse.com/security/cve/CVE-2014-4344", }, { category: "external", summary: "SUSE Bug 888697 for CVE-2014-4344", url: "https://bugzilla.suse.com/888697", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-4344", }, { cve: "CVE-2014-4345", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4345", }, ], notes: [ { category: "general", text: "Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4345", url: "https://www.suse.com/security/cve/CVE-2014-4345", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-4345", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 891082 for CVE-2014-4345", url: "https://bugzilla.suse.com/891082", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4345", }, { cve: "CVE-2014-5351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5351", }, ], notes: [ { category: "general", text: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5351", url: "https://www.suse.com/security/cve/CVE-2014-5351", }, { category: "external", summary: "SUSE Bug 897874 for CVE-2014-5351", url: "https://bugzilla.suse.com/897874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-5351", }, { cve: "CVE-2014-5352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5352", }, ], notes: [ { category: "general", text: "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5352", url: "https://www.suse.com/security/cve/CVE-2014-5352", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-5352", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-5352", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-5352", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-5352", }, { cve: "CVE-2014-5353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5353", }, ], notes: [ { category: "general", text: "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5353", url: "https://www.suse.com/security/cve/CVE-2014-5353", }, { category: "external", summary: "SUSE Bug 910457 for CVE-2014-5353", url: "https://bugzilla.suse.com/910457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2014-5353", }, { cve: "CVE-2014-5354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5354", }, ], notes: [ { category: "general", text: "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5354", url: "https://www.suse.com/security/cve/CVE-2014-5354", }, { category: "external", summary: "SUSE Bug 910458 for CVE-2014-5354", url: "https://bugzilla.suse.com/910458", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2014-5354", }, { cve: "CVE-2014-5355", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5355", }, ], notes: [ { category: "general", text: "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5355", url: "https://www.suse.com/security/cve/CVE-2014-5355", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-5355", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 918595 for CVE-2014-5355", url: "https://bugzilla.suse.com/918595", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-5355", }, { cve: "CVE-2014-9421", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9421", }, ], notes: [ { category: "general", text: "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9421", url: "https://www.suse.com/security/cve/CVE-2014-9421", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9421", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9421", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9421", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-9421", }, { cve: "CVE-2014-9422", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9422", }, ], notes: [ { category: "general", text: "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9422", url: "https://www.suse.com/security/cve/CVE-2014-9422", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9422", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9422", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9422", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-9422", }, { cve: "CVE-2014-9423", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9423", }, ], notes: [ { category: "general", text: "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9423", url: "https://www.suse.com/security/cve/CVE-2014-9423", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9423", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9423", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-9423", }, { cve: "CVE-2015-2694", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2694", }, ], notes: [ { category: "general", text: "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2694", url: "https://www.suse.com/security/cve/CVE-2015-2694", }, { category: "external", summary: "SUSE Bug 928978 for CVE-2015-2694", url: "https://bugzilla.suse.com/928978", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-2694", }, { cve: "CVE-2015-2695", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2695", }, ], notes: [ { category: "general", text: "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2695", url: "https://www.suse.com/security/cve/CVE-2015-2695", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2695", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 952188 for CVE-2015-2695", url: "https://bugzilla.suse.com/952188", }, { category: "external", summary: "SUSE Bug 969771 for CVE-2015-2695", url: "https://bugzilla.suse.com/969771", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-2695", }, { cve: "CVE-2015-2696", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2696", }, ], notes: [ { category: "general", text: "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2696", url: "https://www.suse.com/security/cve/CVE-2015-2696", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2696", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 952189 for CVE-2015-2696", url: "https://bugzilla.suse.com/952189", }, { category: "external", summary: "SUSE Bug 954204 for CVE-2015-2696", url: "https://bugzilla.suse.com/954204", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-2696", }, { cve: "CVE-2015-2697", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2697", }, ], notes: [ { category: "general", text: "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2697", url: "https://www.suse.com/security/cve/CVE-2015-2697", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2697", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 952190 for CVE-2015-2697", url: "https://bugzilla.suse.com/952190", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-2697", }, { cve: "CVE-2015-2698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-2698", }, ], notes: [ { category: "general", text: "The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-2698", url: "https://www.suse.com/security/cve/CVE-2015-2698", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-2698", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 954204 for CVE-2015-2698", url: "https://bugzilla.suse.com/954204", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-2698", }, { cve: "CVE-2015-8629", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8629", }, ], notes: [ { category: "general", text: "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8629", url: "https://www.suse.com/security/cve/CVE-2015-8629", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2015-8629", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 963968 for CVE-2015-8629", url: "https://bugzilla.suse.com/963968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8629", }, { cve: "CVE-2015-8630", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8630", }, ], notes: [ { category: "general", text: "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8630", url: "https://www.suse.com/security/cve/CVE-2015-8630", }, { category: "external", summary: "SUSE Bug 963964 for CVE-2015-8630", url: "https://bugzilla.suse.com/963964", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8630", }, { cve: "CVE-2015-8631", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8631", }, ], notes: [ { category: "general", text: "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8631", url: "https://www.suse.com/security/cve/CVE-2015-8631", }, { category: "external", summary: "SUSE Bug 963975 for CVE-2015-8631", url: "https://bugzilla.suse.com/963975", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8631", }, { cve: "CVE-2016-3119", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3119", }, ], notes: [ { category: "general", text: "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3119", url: "https://www.suse.com/security/cve/CVE-2016-3119", }, { category: "external", summary: "SUSE Bug 971942 for CVE-2016-3119", url: "https://bugzilla.suse.com/971942", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-3119", }, { cve: "CVE-2016-3120", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3120", }, ], notes: [ { category: "general", text: "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3120", url: "https://www.suse.com/security/cve/CVE-2016-3120", }, { category: "external", summary: "SUSE Bug 991088 for CVE-2016-3120", url: "https://bugzilla.suse.com/991088", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:krb5-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-client-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-client-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-client-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-devel-32bit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-doc-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-mini-devel-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-kdb-ldap-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-otp-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-plugin-preauth-pkinit-1.15-1.1.x86_64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.aarch64", "openSUSE Tumbleweed:krb5-server-1.15-1.1.ppc64le", "openSUSE Tumbleweed:krb5-server-1.15-1.1.s390x", "openSUSE Tumbleweed:krb5-server-1.15-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-3120", }, ], }
ghsa-j87f-3fmr-m923
Vulnerability from github
Published
2022-05-13 01:28
Modified
2022-05-13 01:28
Details
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
{ affected: [], aliases: [ "CVE-2014-5351", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2014-10-10T01:55:00Z", severity: "LOW", }, details: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", id: "GHSA-j87f-3fmr-m923", modified: "2022-05-13T01:28:50Z", published: "2022-05-13T01:28:50Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-5351", }, { type: "WEB", url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { type: "WEB", url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, { type: "WEB", url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { type: "WEB", url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { type: "WEB", url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { type: "WEB", url: "http://www.securityfocus.com/bid/70380", }, { type: "WEB", url: "http://www.securitytracker.com/id/1031003", }, { type: "WEB", url: "http://www.ubuntu.com/usn/USN-2498-1", }, ], schema_version: "1.4.0", severity: [], }
gsd-2014-5351
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Aliases
Aliases
{ GSD: { alias: "CVE-2014-5351", description: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", id: "GSD-2014-5351", references: [ "https://www.suse.com/security/cve/CVE-2014-5351.html", "https://ubuntu.com/security/CVE-2014-5351", "https://advisories.mageia.org/CVE-2014-5351.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2014-5351", ], details: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", id: "GSD-2014-5351", modified: "2023-12-13T01:22:52.547433Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-5351", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", refsource: "CONFIRM", url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { name: "1031003", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031003", }, { name: "FEDORA-2015-2382", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { name: "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, { name: "openSUSE-SU-2015:0255", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { name: "http://advisories.mageia.org/MGASA-2014-0477.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { name: "SUSE-SU-2015:0290", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { name: "MDVSA-2014:224", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { name: "GLSA-201412-53", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { name: "USN-2498-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2498-1", }, { name: "70380", refsource: "BID", url: "http://www.securityfocus.com/bid/70380", }, { name: "kerberos-cve20145351-sec-bypass(97028)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { name: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", refsource: "CONFIRM", url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { name: "FEDORA-2014-11940", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-5351", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-255", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", refsource: "CONFIRM", tags: [], url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { name: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", refsource: "CONFIRM", tags: [], url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", refsource: "CONFIRM", tags: [], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { name: "FEDORA-2014-11940", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, { name: "1031003", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id/1031003", }, { name: "MDVSA-2014:224", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { name: "http://advisories.mageia.org/MGASA-2014-0477.html", refsource: "CONFIRM", tags: [], url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { name: "70380", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/70380", }, { name: "GLSA-201412-53", refsource: "GENTOO", tags: [], url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { name: "SUSE-SU-2015:0290", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { name: "FEDORA-2015-2382", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { name: "USN-2498-1", refsource: "UBUNTU", tags: [], url: "http://www.ubuntu.com/usn/USN-2498-1", }, { name: "openSUSE-SU-2015:0255", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { name: "kerberos-cve20145351-sec-bypass(97028)", refsource: "XF", tags: [], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { name: "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", refsource: "MLIST", tags: [], url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, }, lastModifiedDate: "2020-01-21T15:46Z", publishedDate: "2014-10-10T01:55Z", }, }, }
suse-su-2015:0290-1
Vulnerability from csaf_suse
Published
2015-01-21 10:07
Modified
2015-01-21 10:07
Summary
Security update for krb5
Notes
Title of the patch
Security update for krb5
Description of the patch
MIT kerberos krb5 was updated to fix several security issues and bugs.
Security issues fixed:
CVE-2014-5351: The kadm5_randkey_principal_3 function in
lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5)
sent old keys in a response to a -randkey -keepold request, which allowed
remote authenticated users to forge tickets by leveraging administrative
access.
CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after
gss_process_context_token() is used to process a valid context
deletion token, the caller was left with a security context handle
containing a dangling pointer. Further uses of this handle would have
resulted in use-after-free and double-free memory access violations.
libgssrpc server applications such as kadmind were vulnerable as they
can be instructed to call gss_process_context_token().
CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR
data from an authenticated user, it may have performed use-after-free and
double-free memory access violations while cleaning up the partial
deserialization results. Other libgssrpc server applications might also
been vulnerable if they contain insufficiently defensive XDR functions.
CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted
authentications to two-component server principals whose first
component is a left substring of 'kadmin' or whose realm is a left
prefix of the default realm.
CVE-2014-9423: libgssrpc applications including kadmind output four or
eight bytes of uninitialized memory to the network as part of an
unused 'handle' field in replies to clients.
Bugs fixed:
- Work around replay cache creation race; (bnc#898439).
Patchnames
SUSE-SLE-BSK-12-2015-74,SUSE-SLE-SDK-12-2015-74,SUSE-SLE-SERVER-12-2015-74
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for krb5", title: "Title of the patch", }, { category: "description", text: "\nMIT kerberos krb5 was updated to fix several security issues and bugs.\n\nSecurity issues fixed:\nCVE-2014-5351: The kadm5_randkey_principal_3 function in\nlib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5)\nsent old keys in a response to a -randkey -keepold request, which allowed\nremote authenticated users to forge tickets by leveraging administrative\naccess.\n\nCVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\ngss_process_context_token() is used to process a valid context\ndeletion token, the caller was left with a security context handle\ncontaining a dangling pointer. Further uses of this handle would have\nresulted in use-after-free and double-free memory access violations.\nlibgssrpc server applications such as kadmind were vulnerable as they\ncan be instructed to call gss_process_context_token().\n\nCVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR\ndata from an authenticated user, it may have performed use-after-free and\ndouble-free memory access violations while cleaning up the partial\ndeserialization results. Other libgssrpc server applications might also\nbeen vulnerable if they contain insufficiently defensive XDR functions.\n\nCVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted\nauthentications to two-component server principals whose first\ncomponent is a left substring of 'kadmin' or whose realm is a left\nprefix of the default realm.\n\nCVE-2014-9423: libgssrpc applications including kadmind output four or\neight bytes of uninitialized memory to the network as part of an\nunused 'handle' field in replies to clients.\n\nBugs fixed:\n- Work around replay cache creation race; (bnc#898439).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-BSK-12-2015-74,SUSE-SLE-SDK-12-2015-74,SUSE-SLE-SERVER-12-2015-74", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0290-1.json", }, { category: "self", summary: "URL for SUSE-SU-2015:0290-1", url: "https://www.suse.com/support/update/announcement/2015/suse-su-20150290-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2015:0290-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2015-February/001224.html", }, { category: "self", summary: "SUSE Bug 897874", url: "https://bugzilla.suse.com/897874", }, { category: "self", summary: "SUSE Bug 898439", url: "https://bugzilla.suse.com/898439", }, { category: "self", summary: "SUSE Bug 912002", url: "https://bugzilla.suse.com/912002", }, { category: "self", summary: "SUSE CVE CVE-2014-5351 page", url: "https://www.suse.com/security/cve/CVE-2014-5351/", }, { category: "self", summary: "SUSE CVE CVE-2014-5352 page", url: "https://www.suse.com/security/cve/CVE-2014-5352/", }, { category: "self", summary: "SUSE CVE CVE-2014-9421 page", url: "https://www.suse.com/security/cve/CVE-2014-9421/", }, { category: "self", summary: "SUSE CVE CVE-2014-9422 page", url: "https://www.suse.com/security/cve/CVE-2014-9422/", }, { category: "self", summary: "SUSE CVE CVE-2014-9423 page", url: "https://www.suse.com/security/cve/CVE-2014-9423/", }, ], title: "Security update for krb5", tracking: { current_release_date: "2015-01-21T10:07:55Z", generator: { date: "2015-01-21T10:07:55Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2015:0290-1", initial_release_date: "2015-01-21T10:07:55Z", revision_history: [ { date: "2015-01-21T10:07:55Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "krb5-devel-1.12.1-9.1.ppc64le", product: { name: "krb5-devel-1.12.1-9.1.ppc64le", product_id: "krb5-devel-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-1.12.1-9.1.ppc64le", product: { name: "krb5-1.12.1-9.1.ppc64le", product_id: "krb5-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-client-1.12.1-9.1.ppc64le", product: { name: "krb5-client-1.12.1-9.1.ppc64le", product_id: "krb5-client-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-doc-1.12.1-9.1.ppc64le", product: { name: "krb5-doc-1.12.1-9.1.ppc64le", product_id: "krb5-doc-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", product: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", product_id: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", product: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", product_id: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", product: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", product_id: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-server-1.12.1-9.1.ppc64le", product: { name: "krb5-server-1.12.1-9.1.ppc64le", product_id: "krb5-server-1.12.1-9.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "krb5-devel-1.12.1-9.1.s390x", product: { name: "krb5-devel-1.12.1-9.1.s390x", product_id: "krb5-devel-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-1.12.1-9.1.s390x", product: { name: "krb5-1.12.1-9.1.s390x", product_id: "krb5-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-32bit-1.12.1-9.1.s390x", product: { name: "krb5-32bit-1.12.1-9.1.s390x", product_id: "krb5-32bit-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-client-1.12.1-9.1.s390x", product: { name: "krb5-client-1.12.1-9.1.s390x", product_id: "krb5-client-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-doc-1.12.1-9.1.s390x", product: { name: "krb5-doc-1.12.1-9.1.s390x", product_id: "krb5-doc-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", product: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", product_id: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", product: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", product_id: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", product: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", product_id: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-server-1.12.1-9.1.s390x", product: { name: "krb5-server-1.12.1-9.1.s390x", product_id: "krb5-server-1.12.1-9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "krb5-devel-1.12.1-9.1.x86_64", product: { name: "krb5-devel-1.12.1-9.1.x86_64", product_id: "krb5-devel-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-1.12.1-9.1.x86_64", product: { name: "krb5-1.12.1-9.1.x86_64", product_id: "krb5-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-32bit-1.12.1-9.1.x86_64", product: { name: "krb5-32bit-1.12.1-9.1.x86_64", product_id: "krb5-32bit-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-client-1.12.1-9.1.x86_64", product: { name: "krb5-client-1.12.1-9.1.x86_64", product_id: "krb5-client-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-doc-1.12.1-9.1.x86_64", product: { name: "krb5-doc-1.12.1-9.1.x86_64", product_id: "krb5-doc-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", product: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", product_id: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", product: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", product_id: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", product: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", product_id: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-server-1.12.1-9.1.x86_64", product: { name: "krb5-server-1.12.1-9.1.x86_64", product_id: "krb5-server-1.12.1-9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12", product: { name: "SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12", product: { name: "SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12", product_identification_helper: { cpe: "cpe:/o:suse:sles:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "krb5-devel-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", }, product_reference: "krb5-devel-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", }, product_reference: "krb5-devel-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", }, product_reference: "krb5-devel-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", }, product_reference: "krb5-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", }, product_reference: "krb5-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", }, product_reference: "krb5-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", }, product_reference: "krb5-32bit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", }, product_reference: "krb5-32bit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", }, product_reference: "krb5-client-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", }, product_reference: "krb5-client-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", }, product_reference: "krb5-client-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", }, product_reference: "krb5-doc-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", }, product_reference: "krb5-doc-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", }, product_reference: "krb5-doc-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", }, product_reference: "krb5-server-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", }, product_reference: "krb5-server-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", }, product_reference: "krb5-server-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", }, product_reference: "krb5-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", }, product_reference: "krb5-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", }, product_reference: "krb5-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", }, product_reference: "krb5-32bit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", }, product_reference: "krb5-32bit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", }, product_reference: "krb5-client-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", }, product_reference: "krb5-client-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", }, product_reference: "krb5-client-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", }, product_reference: "krb5-doc-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", }, product_reference: "krb5-doc-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", }, product_reference: "krb5-doc-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", }, product_reference: "krb5-server-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", }, product_reference: "krb5-server-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", }, product_reference: "krb5-server-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, ], }, vulnerabilities: [ { cve: "CVE-2014-5351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5351", }, ], notes: [ { category: "general", text: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5351", url: "https://www.suse.com/security/cve/CVE-2014-5351", }, { category: "external", summary: "SUSE Bug 897874 for CVE-2014-5351", url: "https://bugzilla.suse.com/897874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-5351", }, { cve: "CVE-2014-5352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5352", }, ], notes: [ { category: "general", text: "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5352", url: "https://www.suse.com/security/cve/CVE-2014-5352", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-5352", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-5352", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-5352", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-5352", }, { cve: "CVE-2014-9421", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9421", }, ], notes: [ { category: "general", text: "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9421", url: "https://www.suse.com/security/cve/CVE-2014-9421", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9421", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9421", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9421", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-9421", }, { cve: "CVE-2014-9422", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9422", }, ], notes: [ { category: "general", text: "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9422", url: "https://www.suse.com/security/cve/CVE-2014-9422", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9422", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9422", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9422", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-9422", }, { cve: "CVE-2014-9423", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9423", }, ], notes: [ { category: "general", text: "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9423", url: "https://www.suse.com/security/cve/CVE-2014-9423", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9423", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9423", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-9423", }, ], }
suse-su-2015:0290-2
Vulnerability from csaf_suse
Published
2015-01-21 10:07
Modified
2015-01-21 10:07
Summary
Security update for krb5
Notes
Title of the patch
Security update for krb5
Description of the patch
MIT kerberos krb5 was updated to fix several security issues and bugs.
Security issues fixed:
CVE-2014-5351: The kadm5_randkey_principal_3 function in
lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5)
sent old keys in a response to a -randkey -keepold request, which allowed
remote authenticated users to forge tickets by leveraging administrative
access.
CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after
gss_process_context_token() is used to process a valid context
deletion token, the caller was left with a security context handle
containing a dangling pointer. Further uses of this handle would have
resulted in use-after-free and double-free memory access violations.
libgssrpc server applications such as kadmind were vulnerable as they
can be instructed to call gss_process_context_token().
CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR
data from an authenticated user, it may have performed use-after-free and
double-free memory access violations while cleaning up the partial
deserialization results. Other libgssrpc server applications might also
been vulnerable if they contain insufficiently defensive XDR functions.
CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted
authentications to two-component server principals whose first
component is a left substring of 'kadmin' or whose realm is a left
prefix of the default realm.
CVE-2014-9423: libgssrpc applications including kadmind output four or
eight bytes of uninitialized memory to the network as part of an
unused 'handle' field in replies to clients.
Bugs fixed:
- Work around replay cache creation race; (bnc#898439).
Patchnames
SUSE-SLE-BSK-12-2015-74,SUSE-SLE-DESKTOP-12-2015-74,SUSE-SLE-SDK-12-2015-74,SUSE-SLE-SERVER-12-2015-74
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for krb5", title: "Title of the patch", }, { category: "description", text: "\nMIT kerberos krb5 was updated to fix several security issues and bugs.\n\nSecurity issues fixed:\nCVE-2014-5351: The kadm5_randkey_principal_3 function in\nlib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5)\nsent old keys in a response to a -randkey -keepold request, which allowed\nremote authenticated users to forge tickets by leveraging administrative\naccess.\n\nCVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\ngss_process_context_token() is used to process a valid context\ndeletion token, the caller was left with a security context handle\ncontaining a dangling pointer. Further uses of this handle would have\nresulted in use-after-free and double-free memory access violations.\nlibgssrpc server applications such as kadmind were vulnerable as they\ncan be instructed to call gss_process_context_token().\n\nCVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR\ndata from an authenticated user, it may have performed use-after-free and\ndouble-free memory access violations while cleaning up the partial\ndeserialization results. Other libgssrpc server applications might also\nbeen vulnerable if they contain insufficiently defensive XDR functions.\n\nCVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted\nauthentications to two-component server principals whose first\ncomponent is a left substring of 'kadmin' or whose realm is a left\nprefix of the default realm.\n\nCVE-2014-9423: libgssrpc applications including kadmind output four or\neight bytes of uninitialized memory to the network as part of an\nunused 'handle' field in replies to clients.\n\nBugs fixed:\n- Work around replay cache creation race; (bnc#898439).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-BSK-12-2015-74,SUSE-SLE-DESKTOP-12-2015-74,SUSE-SLE-SDK-12-2015-74,SUSE-SLE-SERVER-12-2015-74", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0290-2.json", }, { category: "self", summary: "URL for SUSE-SU-2015:0290-2", url: "https://www.suse.com/support/update/announcement/2015/suse-su-20150290-2/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2015:0290-2", url: "https://lists.suse.com/pipermail/sle-security-updates/2015-February/001225.html", }, { category: "self", summary: "SUSE Bug 897874", url: "https://bugzilla.suse.com/897874", }, { category: "self", summary: "SUSE Bug 898439", url: "https://bugzilla.suse.com/898439", }, { category: "self", summary: "SUSE Bug 912002", url: "https://bugzilla.suse.com/912002", }, { category: "self", summary: "SUSE CVE CVE-2014-5351 page", url: "https://www.suse.com/security/cve/CVE-2014-5351/", }, { category: "self", summary: "SUSE CVE CVE-2014-5352 page", url: "https://www.suse.com/security/cve/CVE-2014-5352/", }, { category: "self", summary: "SUSE CVE CVE-2014-9421 page", url: "https://www.suse.com/security/cve/CVE-2014-9421/", }, { category: "self", summary: "SUSE CVE CVE-2014-9422 page", url: "https://www.suse.com/security/cve/CVE-2014-9422/", }, { category: "self", summary: "SUSE CVE CVE-2014-9423 page", url: "https://www.suse.com/security/cve/CVE-2014-9423/", }, ], title: "Security update for krb5", tracking: { current_release_date: "2015-01-21T10:07:55Z", generator: { date: "2015-01-21T10:07:55Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2015:0290-2", initial_release_date: "2015-01-21T10:07:55Z", revision_history: [ { date: "2015-01-21T10:07:55Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "krb5-devel-1.12.1-9.1.ppc64le", product: { name: "krb5-devel-1.12.1-9.1.ppc64le", product_id: "krb5-devel-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-1.12.1-9.1.ppc64le", product: { name: "krb5-1.12.1-9.1.ppc64le", product_id: "krb5-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-client-1.12.1-9.1.ppc64le", product: { name: "krb5-client-1.12.1-9.1.ppc64le", product_id: "krb5-client-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-doc-1.12.1-9.1.ppc64le", product: { name: "krb5-doc-1.12.1-9.1.ppc64le", product_id: "krb5-doc-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", product: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", product_id: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", product: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", product_id: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", product: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", product_id: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", }, }, { category: "product_version", name: "krb5-server-1.12.1-9.1.ppc64le", product: { name: "krb5-server-1.12.1-9.1.ppc64le", product_id: "krb5-server-1.12.1-9.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "krb5-devel-1.12.1-9.1.s390x", product: { name: "krb5-devel-1.12.1-9.1.s390x", product_id: "krb5-devel-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-1.12.1-9.1.s390x", product: { name: "krb5-1.12.1-9.1.s390x", product_id: "krb5-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-32bit-1.12.1-9.1.s390x", product: { name: "krb5-32bit-1.12.1-9.1.s390x", product_id: "krb5-32bit-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-client-1.12.1-9.1.s390x", product: { name: "krb5-client-1.12.1-9.1.s390x", product_id: "krb5-client-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-doc-1.12.1-9.1.s390x", product: { name: "krb5-doc-1.12.1-9.1.s390x", product_id: "krb5-doc-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", product: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", product_id: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", product: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", product_id: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", product: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", product_id: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", }, }, { category: "product_version", name: "krb5-server-1.12.1-9.1.s390x", product: { name: "krb5-server-1.12.1-9.1.s390x", product_id: "krb5-server-1.12.1-9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "krb5-1.12.1-9.1.x86_64", product: { name: "krb5-1.12.1-9.1.x86_64", product_id: "krb5-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-32bit-1.12.1-9.1.x86_64", product: { name: "krb5-32bit-1.12.1-9.1.x86_64", product_id: "krb5-32bit-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-client-1.12.1-9.1.x86_64", product: { name: "krb5-client-1.12.1-9.1.x86_64", product_id: "krb5-client-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-devel-1.12.1-9.1.x86_64", product: { name: "krb5-devel-1.12.1-9.1.x86_64", product_id: "krb5-devel-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-doc-1.12.1-9.1.x86_64", product: { name: "krb5-doc-1.12.1-9.1.x86_64", product_id: "krb5-doc-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", product: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", product_id: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", product: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", product_id: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", product: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", product_id: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", }, }, { category: "product_version", name: "krb5-server-1.12.1-9.1.x86_64", product: { name: "krb5-server-1.12.1-9.1.x86_64", product_id: "krb5-server-1.12.1-9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12", product: { name: "SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12", product_identification_helper: { cpe: "cpe:/o:suse:sled:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12", product: { name: "SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12", product: { name: "SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12", product_identification_helper: { cpe: "cpe:/o:suse:sles:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", }, product_reference: "krb5-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", }, product_reference: "krb5-32bit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", }, product_reference: "krb5-client-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", }, product_reference: "krb5-devel-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", }, product_reference: "krb5-devel-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "krb5-devel-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", }, product_reference: "krb5-devel-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", }, product_reference: "krb5-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", }, product_reference: "krb5-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", }, product_reference: "krb5-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", }, product_reference: "krb5-32bit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", }, product_reference: "krb5-32bit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", }, product_reference: "krb5-client-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", }, product_reference: "krb5-client-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", }, product_reference: "krb5-client-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", }, product_reference: "krb5-doc-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", }, product_reference: "krb5-doc-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", }, product_reference: "krb5-doc-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", }, product_reference: "krb5-server-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", }, product_reference: "krb5-server-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", }, product_reference: "krb5-server-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", }, product_reference: "krb5-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", }, product_reference: "krb5-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", }, product_reference: "krb5-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", }, product_reference: "krb5-32bit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-32bit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", }, product_reference: "krb5-32bit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", }, product_reference: "krb5-client-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", }, product_reference: "krb5-client-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-client-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", }, product_reference: "krb5-client-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", }, product_reference: "krb5-doc-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", }, product_reference: "krb5-doc-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-doc-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", }, product_reference: "krb5-doc-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", }, product_reference: "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", }, product_reference: "krb5-server-1.12.1-9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", }, product_reference: "krb5-server-1.12.1-9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "krb5-server-1.12.1-9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", }, product_reference: "krb5-server-1.12.1-9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, ], }, vulnerabilities: [ { cve: "CVE-2014-5351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5351", }, ], notes: [ { category: "general", text: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5351", url: "https://www.suse.com/security/cve/CVE-2014-5351", }, { category: "external", summary: "SUSE Bug 897874 for CVE-2014-5351", url: "https://bugzilla.suse.com/897874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-5351", }, { cve: "CVE-2014-5352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-5352", }, ], notes: [ { category: "general", text: "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-5352", url: "https://www.suse.com/security/cve/CVE-2014-5352", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-5352", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-5352", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-5352", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-5352", }, { cve: "CVE-2014-9421", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9421", }, ], notes: [ { category: "general", text: "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9421", url: "https://www.suse.com/security/cve/CVE-2014-9421", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9421", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9421", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9421", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-9421", }, { cve: "CVE-2014-9422", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9422", }, ], notes: [ { category: "general", text: "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9422", url: "https://www.suse.com/security/cve/CVE-2014-9422", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9422", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 770172 for CVE-2014-9422", url: "https://bugzilla.suse.com/770172", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9422", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-9422", }, { cve: "CVE-2014-9423", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9423", }, ], notes: [ { category: "general", text: "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9423", url: "https://www.suse.com/security/cve/CVE-2014-9423", }, { category: "external", summary: "SUSE Bug 1005509 for CVE-2014-9423", url: "https://bugzilla.suse.com/1005509", }, { category: "external", summary: "SUSE Bug 912002 for CVE-2014-9423", url: "https://bugzilla.suse.com/912002", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-9.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-01-21T10:07:55Z", details: "moderate", }, ], title: "CVE-2014-9423", }, ], }
fkie_cve-2014-5351
Vulnerability from fkie_nvd
Published
2014-10-10 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos_5 | 1.12.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*", matchCriteriaId: "9D0A28CB-173D-4676-B083-E3718213B840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", }, { lang: "es", value: "La función kadm5_randkey_principal_3 en lib/kadm5/srv/svr_principal.c en kadmind en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13 envía claves viejas en respuesta a una solicitud -randkey -keepold, lo que permite a usuarios remotos autenticados falsificar tickets mediante el aprovechamiento del acceso administrativo.", }, ], id: "CVE-2014-5351", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-10T01:55:11.307", references: [ { source: "cve@mitre.org", url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { source: "cve@mitre.org", url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/70380", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1031003", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2498-1", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { source: "cve@mitre.org", url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://advisories.mageia.org/MGASA-2014-0477.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-201412-53.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/70380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2498-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.