[Oraclevm-errata] OVMSA-2015-0054 Moderate: Oracle VM 3.3 krb5 security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Apr 9 12:08:51 PDT 2015
Oracle VM Security Advisory OVMSA-2015-0054
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
krb5-libs-1.10.3-37.el6_6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/krb5-1.10.3-37.el6_6.src.rpm
Description of changes:
[1.10.3-37]
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
denial of service in recvauth_common() and others"
[1.10.3-36]
- fix for CVE-2014-5353 (#1174543) "Fix LDAP misused policy
name crash"
[1.10.3-35]
- Changelog fixes to make errata subsystem happy.
[1.10.3-34]
- fix for CVE-2014-5352 (#1179856) "gss_process_context_token()
incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857) "kadmind doubly frees partial
deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861) "kadmind incorrectly
validates server principal name (MITKRB5-SA-2015-001)"