Updated krb5 packages fix security vulnerability
Publication date: 25 Mar 2016Modification date: 25 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3119
Description
It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module (CVE-2016-3119). The krb5 package has been updated to version 1.12.5 and patched to fix this issue and other bugs.
References
SRPMS
5/core
- krb5-1.12.5-1.mga5