{"id":"MGASA-2015-0119","summary":"Updated krb5 package fixes security vulnerability","details":"MIT Kerberos 5 through 1.13.1 incorrectly expects that a krb5_read_message\ndata field is represented as a string ending with a '\\0' character, which\nallows remote attackers to cause a denial of service (NULL pointer\ndereference) via a zero-byte version string or cause a denial of service\n(out-of-bounds read) by omitting the '\\0' character, related to\nappl/user_user/server.c and lib/krb5/krb/recvauth.c (CVE-2014-5355).\n","modified":"2026-04-16T01:47:19.186142236Z","published":"2015-03-27T21:12:10Z","upstream":["CVE-2014-5355"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0119.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15542"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"}],"affected":[{"package":{"name":"krb5","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/krb5?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.4-1.5.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0119.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}