MIT Kerberos 5 recvauth Denial Of Service (CVE-2014-5355)

A denial of service vulnerability exists in MIT Kerberos 5. The vulnerability occurs when recvauthcommon calls krb5readmessage to receive and process a crafted message causing it to return an invalid string that later causes a NULL pointer dereference or an attempt to read beyond the end of a...

krb5 security update

1.10.3-37 - fix for CVE-2014-5355 1193939 'krb5: unauthenticated denial of service in recvauthcommon and others' 1.10.3-36 - fix for CVE-2014-5353 1174543 'Fix LDAP misused policy name crash' 1.10.3-35 - Changelog fixes to make errata subsystem happy. 1.10.3-34 - fix for CVE-2014-5352 1179856...