Source: krb5 Version: 1.16-2 Severity: important Tags: security upstream Hi,
the following vulnerability was published for krb5, filling a bug to track the issue once more details are available. CVE-2018-5710[0]: | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The | pre-defined function "strlen" is getting a "NULL" string as a parameter | value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key | Distribution Center (KDC), which allows remote authenticated users to | cause a denial of service (NULL pointer dereference) via a modified | kadmin client. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5710 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710 Please adjust the affected versions in the BTS as needed, once known. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team