Main Vulnerability Database SB2015110508

SB2015110508 - Fedora 23 update for krb5

Published: November 5, 2015 Updated: April 24, 2025

Security Bulletin ID SB2015110508

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2015-2698)

The vulnerability allows a remote #AU# to execute arbitrary code.

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2015-58ae075703