The remote host is missing an update to krb5 announced via advisory FEDORA-2009-2834.

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update krb5' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2834

Update Information: This update incorporates patches to fix potential read overflow and NULL pointer dereferences in the implementation of the SPNEGO GSSAPI mechanism (CVE-2009-0844, CVE-2009-0845), attempts to free an uninitialized pointer during protocol parsing (CVE-2009-0846), and a bug in length validation during protocol parsing (CVE-2009-0847). ChangeLog: * Tue Apr 7 2009 Nalin Dahyabhai 1.6.3-16 - add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845) - add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846) - add patch to fix length validation bug in libkrb5 (CVE-2009-0847) * Mon Apr 6 2009 Nalin Dahyabhai - pull in a couple of defuzzed patches from the F-10 version of this package, dropping a redundant man page patch in the process

• https://bugzilla.redhat.com/show_bug.cgi?id=490634
• https://bugzilla.redhat.com/show_bug.cgi?id=491033
• https://bugzilla.redhat.com/show_bug.cgi?id=491034
• https://bugzilla.redhat.com/show_bug.cgi?id=491036

---

Updated on 2015-03-25