Package: krb5-kdc Version: 1.10.1+dfsg-4+nmu1 Severity: serious
Upstream has patched against CVE-2013-1416; Debian should as well.By sending an unusual but valid TGS-REQ, an authenticated remote attacker can cause the KDC process to crash by dereferencing a null pointer.
Only krb5 releases 1.7 to 1.10 are affected; the code in question was rewritten for 1.11.
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
