apticron report [Fri, 05 Feb 2016 09:48:20 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
hexagon.federez.net
[ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ]
The following packages are currently pending an upgrade:
krb5-multidev 1.12.1+dfsg-19+deb8u2
libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
libgssrpc4 1.12.1+dfsg-19+deb8u2
libk5crypto3 1.12.1+dfsg-19+deb8u2
libkadm5clnt-mit9 1.12.1+dfsg-19+deb8u2
libkadm5srv-mit9 1.12.1+dfsg-19+deb8u2
libkdb5-7 1.12.1+dfsg-19+deb8u2
libkrb5-3 1.12.1+dfsg-19+deb8u2
libkrb5-dev 1.12.1+dfsg-19+deb8u2
libkrb5support0 1.12.1+dfsg-19+deb8u2
========================================================================
Package Details:
Reading changelogs...
--- Changes for krb5 (krb5-multidev libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libkrb5-3 libkrb5-dev libkrb5support0) ---
krb5 (1.12.1+dfsg-19+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)

 -- Salvatore Bonaccorso <carnil(a)debian.org>  Sun, 31 Jan 2016 11:48:01 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
hexagon.federez.net
--
apticron