CVE-2014-4342

Publication date 20 July 2014

Last updated 24 July 2024

Ubuntu priority

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krb5	14.04 LTS trusty	Fixed 1.12+dfsg-2ubuntu4.2
	13.10 saucy	Ignored end of life
	12.04 LTS precise	Fixed 1.10+dfsg~beta1-2ubuntu0.5
	10.04 LTS lucid	Fixed 1.8.1+dfsg-2ubuntu0.13

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

same patch as CVE-2014-4341

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
krb5	Upstream: fb99962

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2310-1
Kerberos vulnerabilities
11 August 2014

Other references

https://www.cve.org/CVERecord?id=CVE-2014-4342