krb5 - security update

Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:

• CVE-2014-4341
  An unauthenticated remote attacker with the ability to inject
  packets into a legitimately established GSSAPI application session
  can cause a program crash due to invalid memory references when
  attempting to read beyond the end of a buffer.
• CVE-2014-4342
  An unauthenticated remote attacker with the ability to inject
  packets into a legitimately established GSSAPI application session
  can cause a program crash due to invalid memory references when
  reading beyond the end of a buffer or by causing a null pointer
  dereference.
• CVE-2014-4343
  An unauthenticated remote attacker with the ability to spoof packets
  appearing to be from a GSSAPI acceptor can cause a double-free
  condition in GSSAPI initiators (clients) which are using the SPNEGO
  mechanism, by returning a different underlying mechanism than was
  proposed by the initiator. A remote attacker could exploit this flaw
  to cause an application crash or potentially execute arbitrary code.
• CVE-2014-4344
  An unauthenticated or partially authenticated remote attacker can
  cause a NULL dereference and application crash during a SPNEGO
  negotiation by sending an empty token as the second or later context
  token from initiator to acceptor.
• CVE-2014-4345
  When kadmind is configured to use LDAP for the KDC database, an
  authenticated remote attacker can cause it to perform an
  out-of-bounds write (buffer overflow).

For the stable distribution (wheezy), these problems have been fixed in
version 1.10.1+dfsg-5+deb7u2.

For the unstable distribution (sid), these problems have been fixed in
version 1.12.1+dfsg-7.

We recommend that you upgrade your krb5 packages.