LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2011-1527 CVE-2011-1528 CVE-2011-1529
Created:October 19, 2011 Updated:January 5, 2012
Description: From the Red Hat advisory:

Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. (CVE-2011-1527, CVE-2011-1528, CVE-2011-1529)

Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original reporter of CVE-2011-1527.

Alerts:
Fedora FEDORA-2011-14673 2011-10-20
Fedora FEDORA-2011-14650 2011-10-20
openSUSE openSUSE-SU-2011:1169-1 2011-10-24
Mandriva MDVSA-2011:160 2011-10-22
Mandriva MDVSA-2011:159 2011-10-22
Ubuntu USN-1233-1 2011-10-18
Scientific Linux SL-krb5-20111018 2011-10-18
Red Hat RHSA-2011:1379-01 2011-10-18
Debian DSA-2379-1 2012-01-04
Gentoo 201201-13 2012-01-23
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds