Security update for krb5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:2302-1 Final 1 1 2015-12-18T15:43:38Z current 2015-12-18T15:43:38Z 2015-12-18T15:43:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for krb5 The krb5 package was updated to fix the following security issue: - CVE-2015-2698: Fixed a memory corruption regression introduced by resolving of CVE-2015-2698 (bsc#954204). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-992,SUSE-SLE-DESKTOP-12-SP1-2015-992,SUSE-SLE-SDK-12-2015-992,SUSE-SLE-SDK-12-SP1-2015-992,SUSE-SLE-SERVER-12-2015-992,SUSE-SLE-SERVER-12-SP1-2015-992 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20152302-1/ Link for SUSE-SU-2015:2302-1 https://lists.suse.com/pipermail/sle-security-updates/2015-December/001738.html E-Mail link for SUSE-SU-2015:2302-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/954204 SUSE Bug 954204 https://www.suse.com/security/cve/CVE-2015-2698/ SUSE CVE CVE-2015-2698 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 krb5-1.12.1-22.5 krb5-32bit-1.12.1-22.5 krb5-client-1.12.1-22.5 krb5-devel-1.12.1-22.5 krb5-doc-1.12.1-22.5 krb5-plugin-kdb-ldap-1.12.1-22.5 krb5-plugin-preauth-otp-1.12.1-22.5 krb5-plugin-preauth-pkinit-1.12.1-22.5 krb5-server-1.12.1-22.5 krb5-1.12.1-22.5 as a component of SUSE Linux Enterprise Desktop 12 krb5-32bit-1.12.1-22.5 as a component of SUSE Linux Enterprise Desktop 12 krb5-client-1.12.1-22.5 as a component of SUSE Linux Enterprise Desktop 12 krb5-1.12.1-22.5 as a component of SUSE Linux Enterprise Desktop 12 SP1 krb5-32bit-1.12.1-22.5 as a component of SUSE Linux Enterprise Desktop 12 SP1 krb5-client-1.12.1-22.5 as a component of SUSE Linux Enterprise Desktop 12 SP1 krb5-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-32bit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-client-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-doc-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-plugin-kdb-ldap-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-plugin-preauth-otp-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-plugin-preauth-pkinit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-server-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 krb5-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-32bit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-client-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-doc-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-plugin-kdb-ldap-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-plugin-preauth-otp-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-plugin-preauth-pkinit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-server-1.12.1-22.5 as a component of SUSE Linux Enterprise Server 12 SP1 krb5-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-32bit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-client-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-doc-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-plugin-kdb-ldap-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-plugin-preauth-otp-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-plugin-preauth-pkinit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-server-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 krb5-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-32bit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-client-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-doc-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-plugin-kdb-ldap-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-plugin-preauth-otp-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-plugin-preauth-pkinit-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-server-1.12.1-22.5 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 krb5-devel-1.12.1-22.5 as a component of SUSE Linux Enterprise Software Development Kit 12 krb5-devel-1.12.1-22.5 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696. CVE-2015-2698 SUSE Linux Enterprise Desktop 12 SP1:krb5-1.12.1-22.5 SUSE Linux Enterprise Desktop 12 SP1:krb5-32bit-1.12.1-22.5 SUSE Linux Enterprise Desktop 12 SP1:krb5-client-1.12.1-22.5 SUSE Linux Enterprise Desktop 12:krb5-1.12.1-22.5 SUSE Linux Enterprise Desktop 12:krb5-32bit-1.12.1-22.5 SUSE Linux Enterprise Desktop 12:krb5-client-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-32bit-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-client-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-doc-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-plugin-kdb-ldap-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-plugin-preauth-otp-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-plugin-preauth-pkinit-1.12.1-22.5 SUSE Linux Enterprise Server 12 SP1:krb5-server-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-32bit-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-client-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-doc-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-plugin-kdb-ldap-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-plugin-preauth-otp-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-plugin-preauth-pkinit-1.12.1-22.5 SUSE Linux Enterprise Server 12:krb5-server-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-32bit-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-client-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-doc-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-plugin-kdb-ldap-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-plugin-preauth-otp-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-plugin-preauth-pkinit-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12 SP1:krb5-server-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-32bit-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-client-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-doc-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-kdb-ldap-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-otp-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-plugin-preauth-pkinit-1.12.1-22.5 SUSE Linux Enterprise Server for SAP Applications 12:krb5-server-1.12.1-22.5 SUSE Linux Enterprise Software Development Kit 12 SP1:krb5-devel-1.12.1-22.5 SUSE Linux Enterprise Software Development Kit 12:krb5-devel-1.12.1-22.5 moderate 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152302-1/ https://www.suse.com/security/cve/CVE-2015-2698.html CVE-2015-2698 https://bugzilla.suse.com/770172 SUSE Bug 770172 https://bugzilla.suse.com/954204 SUSE Bug 954204