[Secure-testing-team] Bug#813127: krb5: CVE-2015-8630: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 29 16:41:41 UTC 2016
Source: krb5
Version: 1.12.1+dfsg-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for krb5.
CVE-2015-8630[0]:
krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8630
Please adjust the affected versions in the BTS as needed. Source seems
similar in older versions, so please double check if only 1.12 onwards
are affected.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list