OpenSuSE has issued an advisory on March 19:
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html

Upstream patch checked into Mageia 4 and Cauldron SVN. Freeze push requested.
Whiteboard: (none) => MGA5TOO, MGA4TOO
CC: (none) => mageia
Assignee: bugsquad => guillomovitch
Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated krb5 packages fix security vulnerability:

MIT Kerberos 5 through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a zero-byte version string or cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c (CVE-2014-5355).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
========================

Updated packages in core/updates_testing:
========================
krb5-1.11.4-1.5.mga4
libkrb53-devel-1.11.4-1.5.mga4
libkrb53-1.11.4-1.5.mga4
krb5-server-1.11.4-1.5.mga4
krb5-server-ldap-1.11.4-1.5.mga4
krb5-workstation-1.11.4-1.5.mga4
krb5-pkinit-openssl-1.11.4-1.5.mga4

from krb5-1.11.4-1.5.mga4.src.rpm
Version: Cauldron => 4
Assignee: guillomovitch => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => (none)
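
The failure mode in the advisory above comes from treating a length-delimited field as a C string. A length-aware comparison, as an added example (not code from krb5 or from the Mageia patch; `struct msg_field`, `version_matches`, `check_bytes` and the version string are hypothetical stand-ins for illustration):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-delimited message field:
 * data is NULL when the peer sent a zero-byte field. */
struct msg_field {
    unsigned int length;
    const char *data;
};

/* Constructed version string for the example. */
static const char EXPECTED_VERSION[] = "EXAMPLE_V1.0";

/* Return 1 only if the field is exactly the expected string
 * including its terminating '\0'; never read past m->length. */
int version_matches(const struct msg_field *m, const char *expected)
{
    size_t want = strlen(expected) + 1;      /* wire form carries the '\0' */

    if (m == NULL || m->data == NULL)        /* zero-byte field: no pointer to read */
        return 0;
    if (m->length != want)                   /* too short or too long */
        return 0;
    if (m->data[m->length - 1] != '\0')      /* terminator omitted by the sender */
        return 0;
    /* Bounded compare: both sides are known to hold `want` bytes. */
    return memcmp(m->data, expected, want) == 0;
}

/* Helper: wrap raw bytes as a received field and run the check. */
int check_bytes(const char *bytes, unsigned int len)
{
    struct msg_field m = { len, bytes };
    return version_matches(&m, EXPECTED_VERSION);
}

int main(void)
{
    printf("well-formed:        %d\n", check_bytes("EXAMPLE_V1.0", 13));
    printf("missing terminator: %d\n", check_bytes("EXAMPLE_V1.0", 12));
    printf("zero-byte field:    %d\n", check_bytes(NULL, 0));
    return 0;
}
```

An unbounded `strcmp` on the same field would dereference NULL in the zero-byte case and read past the buffer when the terminator is missing, which are the two denial-of-service conditions the advisory names.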
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Krb5
Whiteboard: (none) => has_procedure
CC: (none) => davidwhodgins
Whiteboard: has_procedure => has_procedure advisory
Testing complete on Mageia 4 i586 and x86_64. Advisory committed to svn. Someone from the sysadmin team please push 15542.adv to updates.
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory => has_procedure advisory MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0119.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED