[arch-dev-public] [signoff] krb5-1.9.1-5

Ionut Biru ibiru at archlinux.org
Wed Oct 19 16:38:51 EDT 2011


On 10/19/2011 05:10 AM, Stéphane Gaudreault wrote:
> This update applies an upstream patch that fixes the following KDC denial of
> service vulnerabilities [1]:
>
> CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due
> to a null pointer dereference if configured to use the LDAP back end.
> A trigger condition is publicly known but not known to be widely
> circulated.
>
> CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due
> to an assertion failure.  No exploit is known to exist, but there is
> public evidence that the unidentified trigger condition occurs in the
> field.
>
> CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due
> to a null pointer dereference.  No exploit is known to exist.
>
> Please test and signoff.
>
> I am not sure I will have internet access at the hotel in the next days, so
> feel free to move this to [core] once it gets the required signoffs.
>
> Cheers,
>
> Stéphane
>
> [1] http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt

signoff i686

-- 
Ionuț

