Your submission was sent successfully! Close

CVE-2015-2696

Published: 8 November 2015

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

Priority

Medium

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
precise
Released (1.10+dfsg~beta1-2ubuntu0.7)
trusty
Released (1.12+dfsg-2ubuntu5.2)
upstream
Released (1.13.2+dfsg-3)
vivid
Released (1.12.1+dfsg-18ubuntu0.1)
wily
Released (1.13.2+dfsg-2ubuntu0.1)