[CVE-2007-5971] Kerberos vulnerability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
krb5 (Ubuntu) |
Fix Released
|
Medium
|
Ubuntu Backporters |
Bug Description
Binary package hint: libkrb53
References:
GLSA 200803-31 (http://
MDVSA-2008:069 (http://
Quoting GLSA 200803-31:
"Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_
Quoting MDVSA-2008:069:
"Multiple memory management flaws were found in the GSSAPI library
used by Kerberos that could result in the use of already freed memory
or an attempt to free already freed memory, possibly leading to a
crash or allowing the execution of arbitrary code (CVE-2007-5901,
CVE-2007-5971)."
The CVEs addressed in this bug have been resolved in the version now uploaded to hardy (1.6.dfsg. 3~beta1- 2ubuntu1) . However, that version should be backported to the remaining supported releases.