Wind River Support Network

HomeDefectsLIN7-5117

Fixed

LIN7-5117 : Security Advisory - krb5 - CVE-2015-2695

Created: Nov 13, 2015 Updated: Sep 8, 2018

Resolved Date: Nov 24, 2015

Found In Version: 7.0.0.10

Fix Version: 7.0.0.12

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2695

Other Downloads

Wind River Linux 7.0.0.14
Wind River Linux 7.0.0.15
Wind River Linux 7.0.0.16
Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2015-2695