apticron report [Thu, 04 Feb 2016 23:44:16 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
baldrick.crans.org
[ 138.231.142.239 2a01:240:fe3d:4:62:61ff:fe6c:6401 138.231.142.239 ]
[ 2a01:240:fe3d:4:62:61ff:fe6c:6401 ]
The following packages are currently pending an upgrade:
krb5-locales 1.12.1+dfsg-19+deb8u2
krb5-multidev 1.12.1+dfsg-19+deb8u2
libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
libgssrpc4 1.12.1+dfsg-19+deb8u2
libk5crypto3 1.12.1+dfsg-19+deb8u2
libkadm5clnt-mit9 1.12.1+dfsg-19+deb8u2
libkadm5srv-mit9 1.12.1+dfsg-19+deb8u2
libkdb5-7 1.12.1+dfsg-19+deb8u2
libkrb5-3 1.12.1+dfsg-19+deb8u2
libkrb5-dev 1.12.1+dfsg-19+deb8u2
libkrb5support0 1.12.1+dfsg-19+deb8u2
========================================================================
Package Details:
Reading changelogs...
--- Changes for krb5 (krb5-locales krb5-multidev libgssapi-krb5-2 libgssrpc4
libk5crypto3 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libkrb5-3 libkrb5-dev
libkrb5support0) ---
krb5 (1.12.1+dfsg-19+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)

 -- Salvatore Bonaccorso <carnil(a)debian.org> Sun, 31 Jan 2016 11:48:01 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
baldrick.crans.org
--
apticron