diff options
author | cy <cy@FreeBSD.org> | 2015-02-22 00:12:36 +0800 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2015-02-22 00:12:36 +0800 |
commit | 83661116818c167b007f4db897e3bbb50e15ca82 (patch) | |
tree | 1c611383c9c493d33dc950e39c8e431cf75ab2df | |
parent | 41d5ba7079658b5dc4bc84b6d24dc2cac6094cde (diff) | |
download | freebsd-ports-gnome-83661116818c167b007f4db897e3bbb50e15ca82.tar.gz freebsd-ports-gnome-83661116818c167b007f4db897e3bbb50e15ca82.tar.zst freebsd-ports-gnome-83661116818c167b007f4db897e3bbb50e15ca82.zip |
Kerberos Version 5, Release 1.12.3 is released affecting
security/krb5-112. This fixes multiple vulnerabilities, some previously
committed by point patches and others newly fixed in this release.
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354] [CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
CVE-2014-9422 CVE-2014-9423]
Security: CVE-2014-5354, CVE-2014-5353
Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security: CVE-2014-9422, CVE-2014-9423
-rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 56bbc0c157a5..3fe05fd67253 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,35 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="63527d0d-b9de-11e4-8a48-206a8a720317"> + <topic>krb5 1.12 -- New release/fix multiple vulnerabilities</topic> + <affects> + <package> + <name>krb5-112</name> + <range><lt>1.12.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.12.3:</p> + <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"> + <p>Fix multiple vulnerabilities in the LDAP KDC back end. + [CVE-2014-5354] [CVE-2014-5353]</p> + <p>Fix multiple kadmind vulnerabilities, some of which are based + in the gssrpc library. [CVE-2014-5352 CVE-2014-5352 + CVE-2014-9421 CVE-2014-9422 CVE-2014-9423]</p> + </blockquote> + </body> + </description> + <references> + <url>http://web.mit.edu/kerberos/krb5-1.12/README-1.12.3.txt</url> + </references> + <dates> + <discovery>2015-02-20</discovery> + <entry>2015-02-21</entry> + </dates> + </vuln> + <vuln vid="3680b234-b6f0-11e4-b7cc-d050992ecde8"> <topic>unzip -- heap based buffer overflow in iconv patch</topic> <affects> |