Advisories » MGASA-2016-0123

Updated krb5 packages fix security vulnerability

Publication date: 25 Mar 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-3119


It was reported that in all versions of MIT krb5, an authenticated
attacker with permission to modify a principal entry can cause kadmind to
dereference a null pointer by supplying an empty DB argument to the
modify_principal command, if kadmind is configured to use the LDAP KDB
module (CVE-2016-3119).

The krb5 package has been updated to version 1.12.5 and patched to fix
this issue and other bugs.
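
The issue is only reachable when kadmind uses the LDAP KDB module, so a quick exposure check is to look for `db_library = kldap` in the `[dbmodules]` section of the KDC configuration. The script below is an added example, not part of the advisory or of krb5; the sample configuration and its realm, module and host names are constructed, and the path of the real configuration file is left to the caller.

```shell
#!/bin/sh
# Added example (not from the advisory): list the [dbmodules] subsections
# that load the LDAP KDB module, i.e. that set db_library = kldap.
# Usage: ldap_kdb_modules [FILE...]   (reads stdin when no file is given)
ldap_kdb_modules() {
    awk '
        # A top-level section header such as [realms] or [dbmodules].
        /^[ \t]*\[.*\]/ {
            in_db = ($0 ~ /^[ \t]*\[dbmodules\]/)
            module = ""
            next
        }
        # Ignore everything outside [dbmodules], and comment lines inside it.
        !in_db { next }
        /^[ \t]*[#;]/ { next }
        # "name = {" opens a module subsection; remember its name.
        /^[ \t]*[^ \t=]+[ \t]*=[ \t]*\{/ {
            module = $0
            sub(/^[ \t]*/, "", module)
            sub(/[ \t]*=.*/, "", module)
            next
        }
        # "}" closes the current subsection.
        /^[ \t]*\}/ { module = ""; next }
        # Report the subsection if it selects the LDAP backend.
        module != "" && /^[ \t]*db_library[ \t]*=[ \t]*kldap[ \t]*$/ { print module }
    ' "$@"
}

# Constructed sample configuration; all names below are made up.
sample_kdc_conf() {
    cat <<'EOF'
[realms]
    EXAMPLE.TEST = {
        database_module = openldap_ldapconf
    }

[dbmodules]
    openldap_ldapconf = {
        db_library = kldap
        ldap_servers = ldaps://ldap.example.test
    }
    local_db = {
        db_library = db2
    }
EOF
}

sample_kdc_conf | ldap_kdb_modules   # prints: openldap_ldapconf
```

An empty result means no module section in the file selects the LDAP backend; hosts that do list one should be on the updated krb5 package.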