[arch-dev-public] [signoff] krb5-1.9.1-5
bisson at archlinux.org
Wed Oct 19 00:45:55 EDT 2011
[2011-10-18 22:10:01 -0400] Stéphane Gaudreault:
> This update apply an upstream patch that fix the following KDC denial of
> service vulnerabilities  :
> CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due
> to a null pointer dereference if configured to use the LDAP back end.
> A trigger condition is publicly known but not known to be widely
> CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due
> to an assertion failure. No exploit is known to exist, but there is
> public evidence that the unidentified trigger condition occurs in the
> CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due
> to a null pointer dereference. No exploit is known to exist.
More information about the arch-dev-public