[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1058-1] krb5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

From: Lucas Kanashiro <kanashiro@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1058-1] krb5 security update

Package        : krb5
Version        : 1.10.1+dfsg-5+deb7u8
CVE ID         : CVE-2017-11368
Debian Bug     : 869260


In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker
can cause a KDC assertion failure by sending invalid S4U2Self or
S4U2Proxy requests.

For Debian 7 "Wheezy", these problems have been fixed in version
1.10.1+dfsg-5+deb7u8.

We recommend that you upgrade your krb5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlmSDBMACgkQ+COicpiD
yXxrIg//WM7WonHJWdDSzF1X1y8uGFwya/sJeZzB7pjVmAcmgCc+RDIn0lq4eO6X
ZgKIXGxlFrn1BxHStz3Kz7kVYugX82bgoO99sgGsBouFqopAUfNUNlq3Ms0DCIvg
sPtcmQdU6zXIpg14Qu6EuZIr/72MG2Qrsd1Hafr61l5j3IuFAIlK+G4bzYGFfauV
iaLjOVYJ+Vx/Qj4ZaCnkHBdDc5RniDEMQqJYqwTzQV3q0XdZ2Ybk5M+VXgeu5hH+
fi6Pvfzgp/Hf+yjNMDv5Y/ZxyaZyVkC8xnGOAO1hn36UZDp6+71ZsZjxKcFpI3cB
3NS98Krj/rOtyXSr4gsC2mWOkmWbarue72mU3MuQ3Ul4e+WyY9UBUB7+jV8guVBR
DcVC+Rzat77OGfdzqrKv+FKQ4BZUA5T98hyaawm22ISWSx/yfXZ0ciXP/TBCw7fY
Tp5np8wmalFI+knIFJifXOMJ7xQQF5thRL3QKOIF6K2lT02alKXd8PPlR0tYP/Nx
YLBg+5sP3JikAdezyD/T0dKbcvPcjIHefwpens1plt5dWy9/bSS72Q5o/Z9cmSe0
tHgg+0x92GaGAxTypW/O1XeJ41T0E1CAmqJLI+/w4AP8a+t8uUBG2Y0V2FCVVfsS
DJSoAV2d6lTPnnGkSjO1ASIRUP9UygKWKjW8kMB/Ws74r+DnfpE=
=ODGH
-----END PGP SIGNATURE-----


Reply to: