krb5-appl-clients-1.0.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13497 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z krb5-appl-clients-1.0.3-1.1 on GA media These are all security issues fixed in the krb5-appl-clients-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13497 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13497 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-1526/ SUSE CVE CVE-2011-1526 page https://www.suse.com/security/cve/CVE-2011-4862/ SUSE CVE CVE-2011-4862 page openSUSE Tumbleweed krb5-appl-clients-1.0.3-1.1 krb5-appl-servers-1.0.3-1.1 krb5-appl-clients-1.0.3-1.1 as a component of openSUSE Tumbleweed krb5-appl-servers-1.0.3-1.1 as a component of openSUSE Tumbleweed ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. CVE-2011-1526 openSUSE Tumbleweed:krb5-appl-clients-1.0.3-1.1 openSUSE Tumbleweed:krb5-appl-servers-1.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1526.html CVE-2011-1526 https://bugzilla.suse.com/698471 SUSE Bug 698471 Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. CVE-2011-4862 openSUSE Tumbleweed:krb5-appl-clients-1.0.3-1.1 openSUSE Tumbleweed:krb5-appl-servers-1.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4862.html CVE-2011-4862 https://bugzilla.suse.com/738632 SUSE Bug 738632