CVE-2014-4341

Priority
Medium
Description
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a
denial of service (buffer over-read and application crash) by injecting
invalid tokens into a GSSAPI application session.
References
Bugs
Assigned-to
mdeslaur
Package
Source: krb5 (LP Ubuntu Debian)
Upstream: released (1.12.1+dfsg-4)
Ubuntu 10.04 LTS (Lucid Lynx): released (1.8.1+dfsg-2ubuntu0.13)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.10+dfsg~beta1-2ubuntu0.5)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.12+dfsg-2ubuntu4.2)
Ubuntu 14.10 (Utopic Unicorn): not-affected (1.12.1+dfsg-6)
Patches:
Upstream: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d

Updated: 2014-08-11 14:14:48 UTC (commit 8348)