krb5 - several vulnerabilities

Several vulnerabilities have been found in the MIT reference implementation
of Kerberos V5, a system for authenticating users and services on a network.
The Common Vulnerabilities and Exposures project identified the following
problems:

• CVE-2009-0844
  The Apple Product Security team discovered that the SPNEGO GSS-API mechanism
  suffers of a missing bounds check when reading a network input buffer which
  results in an invalid read crashing the application or possibly leaking
  information.
• CVE-2009-0845
  Under certain conditions the SPNEGO GSS-API mechanism references a null pointer
  which crashes the application using the library.
• CVE-2009-0847
  An incorrect length check inside the ASN.1 decoder of the MIT krb5
  implementation allows an unauthenticated remote attacker to crash of the kinit
  or KDC program.
• CVE-2009-0846
  Under certain conditions the the ASN.1 decoder of the MIT krb5 implementation
  frees an uninitialized pointer which could lead to denial of service and
  possibly arbitrary code execution.

For the oldstable distribution (etch), this problem has been fixed in
version 1.4.4-7etch7.

For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.dfsg.4~beta1-13.

We recommend that you upgrade your krb5 packages.