Updated krb5 package fixes security vulnerabily: If a KDC serves multiple realms, certain requests can cause setup_server_realm to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user .