Advisories » MGASA-2017-0256

Updated krb5 packages fix security vulnerability

Publication date: 12 Aug 2017
Modification date: 12 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-11368

Description

A denial of service flaw was found in MIT Kerberos krb5kdc service. An
authenticated attacker could use this flaw to cause krb5kdc to exit with
an assertion failure by making an invalid S4U2Self or S4U2Proxy request
(CVE-2017-11368).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21369
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368

SRPMS

5/core

• krb5-1.12.5-1.2.mga5

6/core

• krb5-1.15.1-2.1.mga6