Gentoo Security Advisory GLSA 201201-13 (mit-krb5) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201201-13.

Solution

All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.9.2-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-13 http://bugs.gentoo.org/show_bug.cgi?id=303723 http://bugs.gentoo.org/show_bug.cgi?id=308021 http://bugs.gentoo.org/show_bug.cgi?id=321935 http://bugs.gentoo.org/show_bug.cgi?id=323525 http://bugs.gentoo.org/show_bug.cgi?id=339866 http://bugs.gentoo.org/show_bug.cgi?id=347369 http://bugs.gentoo.org/show_bug.cgi?id=352859 http://bugs.gentoo.org/show_bug.cgi?id=359129 http://bugs.gentoo.org/show_bug.cgi?id=363507 http://bugs.gentoo.org/show_bug.cgi?id=387585 http://bugs.gentoo.org/show_bug.cgi?id=393429

Insight

Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code.

Severity

Classification

Related Vulnerabilities

Gentoo Security Advisory GLSA 200408-08 (Cfengine)
Gentoo Security Advisory GLSA 200404-16 (monit)
Gentoo Security Advisory GLSA 200404-05 (ipsec-tools)
Gentoo Security Advisory GLSA 200404-11 (dev-libs/pwlib)
Gentoo Security Advisory GLSA 200405-13 (neon)

Take action and discover your vulnerabilities