Advisories ยป MGASA-2013-0336

Updated krb5 package fixes security vulnerabilities

Publication date: 20 Nov 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-1417 , CVE-2013-1418

Description

An authenticated remote client can cause a KDC to crash by making a valid
TGS-REQ to a KDC serving a realm with a single-component name. The
process_tgs_req() function dereferences a null pointer because an unusual
failure condition causes a helper function to return success
(CVE-2013-1417).

If a KDC serves multiple realms, certain requests can cause
setup_server_realm() to dereference a null pointer, crashing the KDC.
This   can be triggered by an unauthenticated user (CVE-2013-1418).
                

References

SRPMS

3/core