Package: libgssapi-krb5-2 Version: 1.15-1 Tags: security Upstream has committed a change that causes libgssapi-krb5 to not automatically free a security context when an error is encountered on the second or subsequent call to gss_init_sec_context() or gss_accept_sec_context(), as this is frequently unexpected by application code and could lead to a double-free situation.
- Bug#873563: CVE-2017-11462 -- automatic sec context d... Benjamin Kaduk
- Bug#873563: CVE-2017-11462 -- automatic sec cont... Sam Hartman
- Bug#873563: CVE-2017-11462 -- automatic sec cont... Sam Hartman
- Bug#873563: CVE-2017-11462 -- automatic sec ... Benjamin Kaduk
- Bug#873563: CVE-2017-11462 -- automatic ... Sam Hartman
- Bug#873563: CVE-2017-11462 -- automatic ... Salvatore Bonaccorso
