Package: libkrb5-3
Version: 1.8.3+dgsg-4squeeze7
Tags: security fixed-upstream

The build_principal_va() function uses strdup() on the supplied realm; in the TGS-REQ processing the KDC does this on an untrusted piece of data from the network, causing a mismatch between the length accessed and the length allocated, which could cause the KDC process to crash.

Fixed in https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789

-Ben
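
An added illustration of the allocation/length mismatch described in the report above, set beside a length-aware copy. It is not code from krb5 or from the linked commit; the `counted` struct, both copy functions and the sample realm bytes are constructed for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-counted string; "allocated" is tracked only for the demo. */
struct counted {
    size_t length;     /* bytes that later code will read */
    size_t allocated;  /* bytes actually obtained from the allocator */
    char *data;
};

/* Pattern from the report: the copy stops at the first NUL, the length does not. */
static int copy_with_strdup(const char *src, size_t len, struct counted *out)
{
    if ((out->data = strdup(src)) == NULL) return -1;
    out->allocated = strlen(out->data) + 1;
    out->length = len;             /* may exceed what was allocated */
    return 0;
}

/* Length-aware copy: size the buffer from the stated length, then terminate. */
static int copy_with_length(const char *src, size_t len, struct counted *out)
{
    if (len == SIZE_MAX || (out->data = malloc(len + 1)) == NULL) return -1;
    memcpy(out->data, src, len);
    out->data[len] = '\0';
    out->allocated = len + 1;
    out->length = len;
    return 0;
}

/* Returns 1 when reading "length" bytes stays inside the allocation. */
static int in_bounds(const struct counted *c) { return c->length < c->allocated; }

int main(void)
{
    /* Constructed input: 13 counted bytes with a NUL at offset 2. */
    static const char realm[] = "EX\0AMPLE.TEST";
    struct counted a, b;
    if (copy_with_strdup(realm, 13, &a) || copy_with_length(realm, 13, &b)) return 1;
    printf("strdup: length=%zu allocated=%zu in_bounds=%d\n", a.length, a.allocated, in_bounds(&a));
    printf("length: length=%zu allocated=%zu in_bounds=%d\n", b.length, b.allocated, in_bounds(&b));
    free(a.data); free(b.data);
    return 0;
}
```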

