remote code execution in krb5

2008-03-19T10:19:46
ID SUSE-SA:2008:016
Type suse
Reporter Suse
Modified 2008-03-19T10:19:46

Description

The krb5 package is the implementation of the Kerberos protocol suite from MIT. This update fixes three vulnerabilities; two of them are only possible if krb4 support is enabled:

- CVE-2008-0062: null/dangling pointer (krb4)
- CVE-2008-0063: operations on uninitialized buffer content, possible information leak (krb4)
- CVE-2008-0947/8: out-of-bounds array access in kadmind's RPC lib

Solution

Please install the new packages.