Shawn Emery discovered that in MIT Kerberos 5 , a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field. For the stable distribution , this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny4. For the testing distribution , this problem has been fixed in version 1.8.1+dfsg-3. For the testing distribution , this problem has been fixed in version 1.8.1+dfsg-3. We recommend that you upgrade your krb5 packages.