CVE-2015-2698 (retired)

Priority
Description
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in
MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a
certain pointer, which allows remote authenticated users to cause a denial
of service (memory corruption) or possibly have unspecified other impact by
interacting with an application that calls the gss_export_sec_context
function. NOTE: this vulnerability exists because of an incorrect fix for
CVE-2015-2696.
Notes
 tyhicks> We're not technically affected since CVE-2015-2696 hasn't been
  fixed yet. Marking as needed so that we don't miss this fix while fixing
  CVE-2015-2696.
Assigned-to
mdeslaur
Package
Source: krb5 (LP Ubuntu Debian)
Upstream: released (1.13.2+dfsg-4)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.13.2+dfsg-4)
Patches:
Upstream: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd

Updated: 2019-08-23 09:06:15 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)