Debian Security Advisory DSA 3153-1 (krb5 - security update)

Summary
Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:

CVE-2014-5352: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.

CVE-2014-9421: Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.

CVE-2014-9422: Incorrect processing of two-component server principals might result in impersonation attacks.

CVE-2014-9423: An information leak in the libgssrpc library.
Solution
For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u3. For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-17. We recommend that you upgrade your krb5 packages.
Insight
Kerberos is a system for authenticating users and services on a network. Kerberos is a trusted third-party service.
Affected
krb5 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.