Package : krb5
Vulnerability : null pointer dereference
Problem type : remote
Debian-specific: no
CVE Id : CVE-2010-1321
Debian Bug : 582261
Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer
dereference flaw in the Generic Security Service Application Program
Interface (GSS-API) library could allow an authenticated remote attacker
to crash any server application using the GSS-API authentication
mechanism, by sending a specially-crafted GSS-API token with a missing
checksum field.
For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny4.
For the testing distribution (squeeze), this problem has been fixed in
version 1.8.1+dfsg-3.
For the testing distribution (sid), this problem has been fixed in
version 1.8.1+dfsg-3.
We recommend that you upgrade your krb5 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Package : krb5
Vulnerability : null pointer dereference
Problem type : remote
Debian-specific: no
CVE Id : CVE-2010-1321
Debian Bug : 582261
Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer
dereference flaw in the Generic Security Service Application Program
Interface (GSS-API) library could allow an authenticated remote attacker
to crash any server application using the GSS-API authentication
mechanism, by sending a specially-crafted GSS-API token with a missing
checksum field.
For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny4.
For the testing distribution (squeeze), this problem has been fixed in
version 1.8.1+dfsg-3.
For the testing distribution (sid), this problem has been fixed in
version 1.8.1+dfsg-3.
We recommend that you upgrade your krb5 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------