-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 From: Lucas Kanashiro <kanash...@debian.org> To: debian-lts-announce@lists.debian.org Subject: [SECURITY] [DLA 1058-1] krb5 security update
Package : krb5 Version : 1.10.1+dfsg-5+deb7u8 CVE ID : CVE-2017-11368 Debian Bug : 869260 In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. For Debian 7 "Wheezy", these problems have been fixed in version 1.10.1+dfsg-5+deb7u8. We recommend that you upgrade your krb5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlmSDBMACgkQ+COicpiD yXxrIg//WM7WonHJWdDSzF1X1y8uGFwya/sJeZzB7pjVmAcmgCc+RDIn0lq4eO6X ZgKIXGxlFrn1BxHStz3Kz7kVYugX82bgoO99sgGsBouFqopAUfNUNlq3Ms0DCIvg sPtcmQdU6zXIpg14Qu6EuZIr/72MG2Qrsd1Hafr61l5j3IuFAIlK+G4bzYGFfauV iaLjOVYJ+Vx/Qj4ZaCnkHBdDc5RniDEMQqJYqwTzQV3q0XdZ2Ybk5M+VXgeu5hH+ fi6Pvfzgp/Hf+yjNMDv5Y/ZxyaZyVkC8xnGOAO1hn36UZDp6+71ZsZjxKcFpI3cB 3NS98Krj/rOtyXSr4gsC2mWOkmWbarue72mU3MuQ3Ul4e+WyY9UBUB7+jV8guVBR DcVC+Rzat77OGfdzqrKv+FKQ4BZUA5T98hyaawm22ISWSx/yfXZ0ciXP/TBCw7fY Tp5np8wmalFI+knIFJifXOMJ7xQQF5thRL3QKOIF6K2lT02alKXd8PPlR0tYP/Nx YLBg+5sP3JikAdezyD/T0dKbcvPcjIHefwpens1plt5dWy9/bSS72Q5o/Z9cmSe0 tHgg+0x92GaGAxTypW/O1XeJ41T0E1CAmqJLI+/w4AP8a+t8uUBG2Y0V2FCVVfsS DJSoAV2d6lTPnnGkSjO1ASIRUP9UygKWKjW8kMB/Ws74r+DnfpE= =ODGH -----END PGP SIGNATURE-----