[Secure-testing-team] Bug#575740: CVE-2010-0628 (MITKRB5-SA-2010-002)

Giuseppe Iuculano iuculano at debian.org
Sun Mar 28 20:59:39 UTC 2010


Package: krb5
Version: 1.8+dfsg~alpha1-7
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for krb5.

CVE-2010-0628[0]:
| The spnego_gss_accept_sec_context function in
| lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in
| MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows
| remote attackers to cause a denial of service (assertion failure and
| daemon crash) via an invalid packet that triggers incorrect
| preparation of an error token.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628
    http://security-tracker.debian.org/tracker/CVE-2010-0628


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuvwzgACgkQNxpp46476apSagCfbj0ouyXv6uz8gDdtq9uYC+xm
PmYAoJcaMNl/MUL0640VxwW4yZByKIjq
=0mge
-----END PGP SIGNATURE-----




