19 Oct
2011
19 Oct
'11
4:45 a.m.
[2011-10-18 22:10:01 -0400] Stéphane Gaudreault:
This update apply an upstream patch that fix the following KDC denial of service vulnerabilities [1] :
CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated.
CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field.
CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist.
Signoff x86_64. -- Gaetan