[arch-dev-public] [signoff] krb5-1.9.1-5
ibiru at archlinux.org
Wed Oct 19 16:38:51 EDT 2011
On 10/19/2011 05:10 AM, Stéphane Gaudreault wrote:
> This update applies an upstream patch that fixes the following KDC denial of
> service vulnerabilities:
> CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due
> to a null pointer dereference if configured to use the LDAP back end.
> A trigger condition is publicly known but not known to be widely
> CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due
> to an assertion failure. No exploit is known to exist, but there is
> public evidence that the unidentified trigger condition occurs in the
> CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due
> to a null pointer dereference. No exploit is known to exist.
> Please test and signoff.
> I am not sure I will have internet access at the hotel in the next days, so
> feel free to move this to [core] once it gets the required signoffs.
>  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt