krb5 -- buffer overflows

2004-06-16T00:00:00
ID DSA-520
Type debian
Reporter Debian
Modified 2004-06-16T00:00:00

Description

In their advisory MITKRB5-SA-2004-001, the MIT Kerberos announced the existence of buffer overflow vulnerabilities in the krb5_aname_to_localname function. This function is only used if aname_to_localname is enabled in the configuration (this is not enabled by default).

For the current stable distribution (woody), this problem has been fixed in version 1.2.4-5woody5.

For the unstable distribution (sid), this problem has been fixed in version 1.3.3-2.

We recommend that you update your krb5 package.