{"id":"MGASA-2014-0345","summary":"Updated krb5 package fixes security vulnerabilities","details":"MIT Kerberos 5 allows attackers to cause a denial of service via a buffer\nover-read or NULL pointer dereference, by injecting invalid tokens into a\nGSSAPI application session (CVE-2014-4341, CVE-2014-4342).\n\nMIT Kerberos 5 allows attackers to cause a denial of service via a\ndouble-free flaw or NULL pointer dereference, while processing invalid\nSPNEGO tokens (CVE-2014-4343, CVE-2014-4344).\n\nIn MIT Kerberos 5, when kadmind is configured to use LDAP for the KDC\ndatabase, an authenticated remote attacker can cause it to perform an\nout-of-bounds write (buffer overflow) (CVE-2014-4345).\n","modified":"2026-02-01T08:02:53.398672Z","published":"2014-08-22T10:58:14Z","related":["CVE-2014-4341","CVE-2014-4342","CVE-2014-4343","CVE-2014-4344","CVE-2014-4345"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0345.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13882"},{"type":"REPORT","url":"http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt"},{"type":"REPORT","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html"}],"affected":[{"package":{"name":"krb5","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/krb5?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.1-1.4.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0345.json"}},{"package":{"name":"krb5","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/krb5?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.4-1.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0345.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}