01:20 cy 

Update 1.11.5 --> 1.11.6

This is a bugfix release.  The krb5-1.11 release series has reached
the end of its maintenance period, and krb5-1.11.6 is the last planned
release in the krb5-1.11 series.  For new deployments, installers
should prefer the krb5-1.13 release series or later.
This commit deprecates this port.

* Work around a gcc optimizer bug that could cause DB2 KDC database
  operations to spin in an infinite loop

* Fix a backward compatibility problem with the LDAP KDB schema that
  could prevent krb5-1.11 and later from decoding entries created by
  krb5-1.6.

* Handle certain invalid RFC 1964 GSS tokens correctly to avoid
  invalid memory reference vulnerabilities.  [CVE-2014-4341
  CVE-2014-4342]

* Fix memory management vulnerabilities in GSSAPI SPNEGO.
  [CVE-2014-4343 CVE-2014-4344]

* Fix buffer overflow vulnerability in LDAP KDB back end.
  [CVE-2014-4345]

* Fix multiple vulnerabilities in the LDAP KDC back end.
  [CVE-2014-5354 CVE-2014-5353]

* Fix multiple kadmind vulnerabilities, some of which are based in the
  gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
  CVE-2014-9423]

Security:	dbf9e66c-bd50-11e4-a7ba-206a8a720317
		CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
		CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
		CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

 

20:47 cy 

Address: krb5 -- Vulnerabilities in kadmind, libgssrpc,
gss_process_context_token VU#540092

CVE-2014-5352: gss_process_context_token() incorrectly frees context

CVE-2014-9421: kadmind doubly frees partial deserialization results

CVE-2014-9422: kadmind incorrectly validates server principal name

CVE-2014-9423: libgssrpc server applications leak uninitialized bytes

Security:	VUXML: 24ce5597-acab-11e4-a847-206a8a720317
Security:	MIT KRB5: VU#540092
Security:	CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423