Advisories » MGASA-2013-0335

Updated krb5 package fixes security vulnerabily

Publication date: 20 Nov 2013
Modification date: 20 Nov 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-1418

Description

If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.
This   can be triggered by an unauthenticated user (CVE-2013-1418).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11668
• http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1418
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418

SRPMS

2/core

• krb5-1.9.2-2.7.mga2