Package: krb5-kdc
Version: 1.10.1+dfsg-4+nmu1
Severity: serious
Upstream has patched against CVE-2013-1416; Debian should as well.
By sending an unusual but valid TGS-REQ, an authenticated remote attacker
can cause the KDC process to crash by dereferencing a null pointer.
Only krb5 releases 1.7 to 1.10 are affected; the code in question was
rewritten for 1.11.