Source: krb5
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for krb5.

CVE-2010-1321[0]:
| Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
| to crash due to a null pointer dereference in the GSS-API library.
|
| This is an implementation vulnerability in MIT krb5, and not a
| vulnerability in the Kerberos protocol.
|
| An authenticated remote attacker can cause a GSS-API application
| server (including the Kerberos administration daemon kadmind) to crash
| by sending a malformed GSS-API token that induces a null pointer
| dereference.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

There is a new upstream release which fixes these issues.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
    http://security-tracker.debian.net/tracker/CVE-2010-1321
    http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt

Cheers,
--Seb