[Oraclevm-errata] OVMSA-2015-0054 Moderate: Oracle VM 3.3 krb5 security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Apr 9 12:08:51 PDT 2015

Oracle VM Security Advisory OVMSA-2015-0054

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
   denial of service in recvauth_common() and others"

- fix for CVE-2014-5353 (#1174543) "Fix LDAP misused policy
   name crash"

- Changelog fixes to make errata subsystem happy.

- fix for CVE-2014-5352 (#1179856) "gss_process_context_token()
   incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857) "kadmind doubly frees partial
   deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861) "kadmind incorrectly
   validates server principal name (MITKRB5-SA-2015-001)"

More information about the Oraclevm-errata mailing list